
Use opie on Debian central servers to prevent password sniffing?

it says the Debian machines were compromised by password sniffing from
other compromised machines.  If you use one time passwords instead,
then password sniffing doesn't yield useful information and the damage
from this sort of failure would be more limited.

As you probably know, the packages for that are opie-server and
libpam-opie on the server, and opie-client on the client.  You'd also
have to edit /etc/pam.d/{login,ssh} to mention libpam-opie, at least.
Finding and installing a skey calculator on a personal organizer is
probably better than using opie-client on a machine that's connected
to the internet and therefore conceivably compromised.  To discourage
people from typing into a potentially compromised machine, you certainly
don't want to have opie-client installed on any central server.

I just started using opie on fungible.com, and it seems to work well
so far.

Is there some issue with opie that would cause problems when using it
on the Debian servers?

Tim Freeman                                                  tim@fungible.com
I xeroxed a mirror. Now I have an extra xerox machine.       -- Steven Wright
