Date:      Thu, 24 Jun 110 12:53:27 -0700 (PDT)
From:      Jim Dennis <jimd@mcafee.com>
To:        mark@seeware.DIALix.oz.au (Mark Hannon)
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ppp with dynamic password
Message-ID:  <201006241953.MAA15177@mistery.mcafee.com>
In-Reply-To: <DtI7B5.6q@seeware.DIALix.oz.au> from "Mark Hannon" at Jun 24, 96 12:13:53 pm

> Hi,
> 
> I have just started using a new dialin system to my employer.  The
> login script consists of a dynamically allocated password (the password
> is set by a little credit-card device which is synced to a master clock
> and generates the password).
> 
> Anybody with any ideas how to set this up with ppp??

	There is an obscure option with (some implementations of???)
	the shadow password suite -- where you specify an alternative
	authentication method in the master password file (/etc/master.passwd)
	like so:

ppp:@/usr/local/bin/secureID:1:31::0:0:Point-to-Point Protocol:/export/home:
jimd:$1$RxhpZpOH.:1000:1000::0:0:James T. Dennis:/home/jimd:/usr/local/bin/bash

	Note that the ppp entry above has a password that starts with an
	"@" ("at" sign) and then specifies a hypothetical program which
	will prompt for, read and validate a password.  I seem to recall 
	that I experimented with this briefly and confirmed that it worked
	under Solaris, Linux and FreeBSD.  The program specified should
	return a 0 exit value for a valid response and a non-zero to 
	signify non-authorization (I tested with a shell script -- that 
	would be *horribly* insecure in practice).


	Hope that helps.

Jim Dennis,
former System Administrator,
McAfee Associates
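
Added example, not part of the original message: a small audit that lists master.passwd-style entries whose password field uses the "@program" form described above and checks each helper program for the weaknesses the message hints at (a script rather than a binary, writable by non-root users). It assumes the "@" convention works as the message describes, that the function names here are hypothetical, and that it is run as root so the helper can be read.

```python
import os
import stat

# Layout assumed: name:passwd:uid:gid:class:change:expire:gecos:home:shell (10 fields)
def external_auth_entries(text):
    """Yield (user, program) for entries whose password field is '@program'."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) == 10 and len(fields[1]) > 1 and fields[1].startswith("@"):
            yield fields[0], fields[1][1:]

def audit_helper(path):
    """Return findings for one helper program; an empty list means none."""
    findings = []
    if not os.path.isabs(path):
        findings.append("not an absolute path")
    try:
        st = os.stat(path)
    except OSError:
        return findings + ["missing or unreadable"]
    if not stat.S_ISREG(st.st_mode):
        return findings + ["not a regular file"]
    if st.st_uid != 0:
        findings.append("not owned by root")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group- or world-writable")
    if not st.st_mode & stat.S_IXUSR:
        findings.append("not executable by owner")
    with open(path, "rb") as fh:
        if fh.read(2) == b"#!":  # the shell-script case the message warns about
            findings.append("interpreter script, not a compiled binary")
    return findings

def audit(text):
    return {u: (p, audit_helper(p)) for u, p in external_auth_entries(text)}

if __name__ == "__main__":
    # Constructed sample in the layout shown in the message; not real accounts.
    sample = ("ppp:@/usr/local/bin/secureID:1:31::0:0:Point-to-Point Protocol:/export/home:\n"
              "alice:*:1000:1000::0:0:Constructed User:/home/alice:/bin/sh\n")
    for user, (prog, findings) in audit(sample).items():
        print(user, prog, findings or "no findings")
```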
 


