Hello, on a debian lenny system with installed and configured libpam-opie you can have more then one session at a time to attempt to authenticate a user. Meaning /etc/opielocks/ is not used. So race attacks on OTP are possible. Is that a bug in the old package or a misconfiguration on my part? thanks, PJ