
Re: OTP (opie) and ssh



Lots of people are replying about the advantages/disadvantages of
using ssh **OR** otp. I fully agree; in fact I installed both here.

What I said is that it's nonsense to use ssh **AND** otp at the same
time, for the same login. If I understood correctly, Peter's setup of
ssh-pam would use otp for the ssh login. Did I miss something?

<asbestos suit>
Furthermore I usually recompile ssh without pam, because ssh is not
just a login protocol. Perhaps this could help Peter.

I also don't like the hack of making ssh refuse logins for valid RSA
keys (I only use them, no plain passwords) by just putting an invalid
password in /etc/passwd. I'm not sure this was done to ssh-nonfree,
but I think it was for openssh.

</asbestos suit>

On the subject of authentication, I'd much like to have an
authentication daemon (not running as root, preferably) that receives
a login/password and says yes or no. I could use it for granting
access to certain directories and other things. Can ldap do this? I
thought about the ldap-pam module, but haven't explored it.


