At
http://lists.debian.org/debian-announce/debian-announce-2003/msg00003.html
it says the Debian machines were compromised by password sniffing from
other compromised machines. If you use one time passwords instead,
then password sniffing doesn't yield useful information.
As you probably know, the packages for that are opie-server and
libpam-opie on the server, and opie-client on the client. You'd also
have to edit /etc/pam.d/{login,ssh} to mention libpam-opie, at least.
Finding and installing a skey calculator on a personal organizer is
probably better than using opie-client on a machine that's connected
to the internet and therefore conceivably compromised.
I just started using opie on fungible.com, and it seems to work well
so far.
Is there some issue with opie that would cause problems when using it
on the Debian servers?
--
Tim Freeman [EMAIL PROTECTED]
I xeroxed a mirror. Now I have an extra xerox machine. -- Steven Wright
