Dear All,

I write to you instead of submitting a bug/wish because this is related to more than one package. This letter is related to the packages login and telnetd and has security issues.

I would like to configure telnet to log in only using One Time Passwords. It looks simple: install the opie packages (server, client and PAM modules), disable password login and add OTP login to /etc/pam.d/login. But there is one problem: it also changes the behavior of login from the console. *getty spawns the same /bin/login as telnetd and wants an OTP password from the user, not a unix password.

The temporary solution is:

    auth sufficient pam_unix.so
    auth sufficient pam_opie.so
    auth required pam_deny.so

(as described in libpam-opie) but it still allows users to log in via telnet using a unix password.

I have an idea for discussion: is it possible to create two /bin/login instances (i.e. /bin/login and /bin/login-telnet) which differ only by the PAM entry used? There could also be one /bin/login symlinked as /bin/login-sth. If called as /bin/login, the login entry in PAM is checked. If called as /bin/login-sth, the sth entry is checked.

It would also require changes in the telnetd code. The new name/path of the login program must be hardcoded. Also there should be an option to set this name/path from the command line.

If you think this idea is ok, notify me, please. I will try to write a patch for it.

Regards
Artur Czechowski

Disclaimer: Feel free to cite/forward this email if you find it useful.

--
Artur Czechowski
JMC Sp. z o.o.
e-mail: [EMAIL PROTECTED]
Tel.: (0 22) 825 23 24, tel./fax.: (0 22) 825 95 58
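
The name-based selection proposed in this message, sketched as an added example (not code from the original email, from login or from telnetd). The helper name `pam_service_from_argv0` and the character allowlist are assumptions; the allowlist is there because argv[0] is set by the caller and the resulting service name picks a file under /etc/pam.d.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: choose the PAM service name from the name the
 * program was invoked under. "login" -> "login", "login-sth" -> "sth".
 * Returns 0 on success, -1 if the name is not acceptable. */
int pam_service_from_argv0(const char *argv0, char *out, size_t outlen)
{
    const char *base, *svc, *p;

    if (argv0 == NULL || out == NULL || outlen == 0)
        return -1;
    base = strrchr(argv0, '/');
    base = base ? base + 1 : argv0;

    if (strcmp(base, "login") == 0)
        svc = "login";
    else if (strncmp(base, "login-", 6) == 0 && base[6] != '\0')
        svc = base + 6;
    else
        return -1;
    /* The service name selects a file under /etc/pam.d, and argv[0] is
     * chosen by the caller, so accept only [a-z0-9_-]. */
    for (p = svc; *p; p++)
        if (!((*p >= 'a' && *p <= 'z') || (*p >= '0' && *p <= '9') ||
              *p == '_' || *p == '-'))
            return -1;
    if (strlen(svc) >= outlen)
        return -1;
    strcpy(out, svc);
    return 0;
}

int main(void)
{
    /* Constructed sample invocation names. */
    const char *names[] = { "/bin/login", "/bin/login-telnet",
                            "/bin/login-..", "/bin/sh" };
    char svc[32];
    size_t i;

    for (i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (pam_service_from_argv0(names[i], svc, sizeof svc) == 0)
            printf("%-20s -> pam_start(\"%s\", ...)\n", names[i], svc);
        else
            printf("%-20s -> rejected\n", names[i]);
    }
    return 0;
}
```

With a split like this, /etc/pam.d/telnet can list only pam_opie.so while /etc/pam.d/login keeps pam_unix.so for the console.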