At http://lists.debian.org/debian-announce/debian-announce-2003/msg00003.html it says the Debian machines were compromised by password sniffing from other compromised machines. If you use one-time passwords instead, then password sniffing doesn't yield useful information and the damage from this sort of failure would be more limited.

As you probably know, the packages for that are opie-server and libpam-opie on the server, and opie-client on the client. You'd also have to edit /etc/pam.d/{login,ssh} to mention libpam-opie, at least.

Finding and installing a skey calculator on a personal organizer is probably better than using opie-client on a machine that's connected to the internet and therefore conceivably compromised. To discourage people from typing into a potentially compromised machine, you certainly don't want to have opie-client installed on any central server.

I just started using opie on fungible.com, and it seems to work well so far. Is there some issue with opie that would cause problems when using it on the Debian servers?

-- 
Tim Freeman [EMAIL PROTECTED]
I xeroxed a mirror. Now I have an extra xerox machine. -- Steven Wright
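
The reasoning in the message above about sniffed one-time passwords, shown as an added example that is not part of the original post: a minimal S/Key-style hash chain using the MD5 folding of RFC 2289, the scheme OPIE implements. The passphrase, seed and the Server class are constructed for illustration and are not OPIE's own code.

```python
import hashlib
import hmac

def fold_md5(data: bytes) -> bytes:
    """MD5, then XOR the two 64-bit halves together (RFC 2289 MD5 folding)."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp(passphrase: str, seed: str, count: int) -> bytes:
    """Client side: the one-time password for sequence number `count`."""
    value = fold_md5((seed.lower() + passphrase).encode())
    for _ in range(count):
        value = fold_md5(value)
    return value

class Server:
    """Hypothetical verifier: stores the last accepted OTP, never the passphrase."""
    def __init__(self, seed: str, count: int, last_otp: bytes):
        self.seed, self.count, self.last = seed, count, last_otp

    def challenge(self):
        # The client must answer with the OTP one step earlier in the chain.
        return self.count - 1, self.seed

    def login(self, response: bytes) -> bool:
        if self.count == 0:
            return False  # chain exhausted; the user has to re-initialise
        # Hashing the response once must reproduce the stored value.
        if not hmac.compare_digest(fold_md5(response), self.last):
            return False
        self.count -= 1
        self.last = response  # the accepted OTP becomes the new reference
        return True

def demo():
    passphrase, seed = "constructed example passphrase", "fu12345"  # constructed
    server = Server(seed, 100, otp(passphrase, seed, 100))
    n, s = server.challenge()
    sniffed = otp(passphrase, s, n)   # what a sniffer on the wire would capture
    first = server.login(sniffed)     # legitimate login succeeds
    replay = server.login(sniffed)    # replaying the captured value fails
    n2, s2 = server.challenge()
    second = server.login(otp(passphrase, s2, n2))  # next OTP in the chain works
    return first, replay, second

if __name__ == "__main__":
    print(demo())
```

A captured response only lets the sniffer compute later chain values, which the server has already retired; the next login needs the preimage of the captured value, which requires the passphrase.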