On Wed, Sep 13, 2000 at 09:57:21AM -0400, Anthony R. J. Ball wrote:
> I had someone ask me about an ftp with a username
> and password, which then sent back a number to type
> into a little security calculator doohickey and
> type back the proper response.
[...]
> the input looks like regular ftp login, but then shows
> them the token, and they need to see it and give the
> response. How possibly is this. If I needed to hack it
> into Net::FTP myself, where would I be able to see
> this number?
You might want to take a look at s/key, part of the logdaemon package. See:
ftp://coast.cs.purdue.edu/pub/tools/unix/logdaemon/
Or search for s/key with your favorite search engine. It might do exactly
what you describe, and it's easily ported as long as the application using
Net::FTP displays "the password prompt" to the user (including the challenge,
of course)
--
#!perl -pl # This kenny-filter is virus-free as long as you don't copy it
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):(qw(m p f))[map{((ord$&)%32-1)/$_%3}(
9,3,1)]),5,1)='`'lt$&;$f.eig; # Jan-Pieter Cornet
