OPIE (one-time passwords in everything) software (www.inner.netpub/opie) on the OnBoard supports the one-time password (OTP) authentication method for certain types of access. This section describes the options the administrator has for configuring OTP authentication.

The OnBoard root user must do the initial configuration manually (not through the Web Manager). The following table lists the configuration tasks and where they are documented.
Manually configure and mount a directory from an external storage device to use for storage of the OTP databases.

The following procedures that use the Web Manager provide a step for configuring OTP authentication for dial-ins:

The following procedures must be done manually.

Make sure each user who needs to use OTP has a local user account, is registered with the OTP system, and is able to obtain the OTP username, OTP secret pass phrase, and OTP passwords needed for logins. See the following list for options:
• Register each user yourself and give the OTP username and OTP secret pass phrase to each user.
• Generate the needed OTP passwords on behalf of each user and give them to each user.
• Make sure users are equipped with an OTP generator that is not on the network to generate their own OTP passwords when challenged at login time.
• See “Obtaining and Using One-time Passwords for Dial-ins” in the AlterPath OnBoard User’s Guide.

For more details about OTP, see: http://www.freebsd.org/doc/en/books/handbook/one-time-passwords.html.
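The options above (generating OTP passwords on a user's behalf, or letting users run an off-network generator) both rest on the same calculation. The following is an added example, not code from the OnBoard or from OPIE: it implements the RFC 2289 one-time password calculation, assuming the otp-md5 variant, and shows how the login side can check a response without holding the secret pass phrase. The function names are hypothetical and the output is the hexadecimal form only.

```python
import hashlib
import hmac


def fold_md5(data: bytes) -> bytes:
    """MD5 digest folded to 64 bits by XORing its two halves (RFC 2289)."""
    digest = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))


def otp_md5(passphrase: str, seed: str, seq: int) -> bytes:
    """OTP for sequence number seq: hash seed+pass phrase, then fold seq more times."""
    value = fold_md5(seed.lower().encode() + passphrase.encode())
    for _ in range(seq):
        value = fold_md5(value)
    return value


def to_hex(otp: bytes) -> str:
    """Format 64 bits as four groups of four hex digits."""
    h = otp.hex().upper()
    return " ".join(h[i:i + 4] for i in range(0, 16, 4))


def pregenerate(passphrase: str, seed: str, next_seq: int, how_many: int):
    """OTPs for the next logins; the sequence number counts down each login."""
    last = max(next_seq - how_many, -1)
    return [(n, to_hex(otp_md5(passphrase, seed, n))) for n in range(next_seq, last, -1)]


def server_accepts(stored_otp: bytes, response: bytes) -> bool:
    """The server keeps only the previous OTP; a response is valid if one more
    fold reproduces it, so the pass phrase is never stored or sent."""
    return hmac.compare_digest(fold_md5(response), stored_otp)


if __name__ == "__main__":
    # Constructed sample values: pass phrase and seed are the RFC 2289 test inputs.
    phrase, seed = "This is a test.", "TeSt"
    for n, otp in pregenerate(phrase, seed, 99, 3):
        print(f"otp-md5 {n} {seed.lower()} -> {otp}")
    print(server_accepts(otp_md5(phrase, seed, 99), otp_md5(phrase, seed, 98)))
```

Because each password is the hash of the next one to be used, a pregenerated list must be consumed in descending sequence order, and a list handed to a user should be treated as a credential until every entry on it has been used.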