This section is for users who are authorized to dial into the OnBoard through an external modem or a PCMCIA modem or phone card, if the one-time password (OTP) authentication method is configured for logins to that device. If you are not sure, ask your OnBoard administrator. With OTP authentication, you supply a different password whenever you dial in, so no one who discovers the password used for one session can use that password later to access your account. A one-time password is actually a group of six English words (for example: GOLD ARK FISH DOVE SON ZION) that are entered all on the same line at the prompt. You might be given a series of one-time passwords; following is an example sequence:
At the first login, you would enter the password from line 498; on the next login, you would enter line 497, and so forth.
Each user who needs to use OTP needs a local user account on the OnBoard, must be registered with the OTP system, and must be able to obtain the OTP username, OTP secret pass phrase, and OTP passwords needed for logins. The OnBoard administrator may register users and give them OTP passwords in either of the following ways:
• Generate the needed OTP passwords on behalf of each user and give them to each user. Some sites choose to print out hard copy lists of OPIE passwords for their users and deliver them by methods such as FAX or FedEx.
• Make sure users are equipped with an OTP generator that is not on the network to generate their own OTP passwords when challenged at login time. The OTP generator may be a copy of the opiekeys program installed on the user’s workstation or may be an OTP token card.
To Generate an OTP Password When Challenged at Dial-in
This example procedure works when /etc/opiekeys is installed on the user’s workstation.
1. Dial into the OnBoard through an external modem or a PCMCIA modem or phone card that has been configured to use OTP authentication. The OnBoard challenges with a sequence number (also called a counter) and a seed (or key) associated with the username and asks for a response. The seed includes the first two letters of the hostname and a pseudo random number. The challenge is otp-md5 499 on93564. The sequence number is 499 and the seed is on93564.
a. Copy the entire challenge into a window on a computer where the opiekey program is installed. The otp-md5 portion of the challenge is a symbolic link to the opiekey program and tells opiekey to use the MD5 algorithm. opiepasswd and prompts the user for the user’s secret pass phrase.
3. Copy the OTP password to the window where the login program is waiting with the “Response” prompt. The sequence number is decremented in the opiekeys file.
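The computation that RFC 2289 (the OTP standard that defines the otp-md5 challenge format) specifies for a challenge like the one in step 1, together with the check a server runs on the response, is written out below. This is an added example, not OnBoard or OPIE code; the pass phrase is a constructed sample, and the response is printed in hexadecimal rather than as six words because the word dictionary is omitted.

```python
import hashlib

def parse_challenge(challenge):
    """Split 'otp-md5 499 on93564' into (algorithm, sequence, seed)."""
    algo, seq, seed = challenge.split()[:3]
    if not algo.startswith("otp-") or int(seq) < 0:
        raise ValueError("not an OTP challenge: %r" % challenge)
    return algo[4:], int(seq), seed.lower()  # RFC 2289: seed is lowercased

def fold_md5(data):
    """MD5 the input, then XOR the two 8-byte halves into a 64-bit value."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp(passphrase, seed, seq):
    """One-time password for sequence number seq (RFC 2289, MD5)."""
    value = fold_md5(seed.lower().encode() + passphrase.encode())
    for _ in range(seq):          # each lower sequence number is one fold fewer
        value = fold_md5(value)
    return value

def server_accepts(stored, response):
    """Server check: folding the response once must give the stored value
    (the previous password). The secret pass phrase is not needed here."""
    return fold_md5(response) == stored

def as_hex(value):
    h = value.hex().upper()
    return " ".join(h[i:i + 4] for i in range(0, 16, 4))

if __name__ == "__main__":
    algo, seq, seed = parse_challenge("otp-md5 499 on93564")  # from step 1
    secret = "constructed pass phrase"     # constructed sample, not a real secret
    stored = otp(secret, seed, seq + 1)    # what the server holds before login
    response = otp(secret, seed, seq)
    print("response to", seq, seed, "=", as_hex(response))
    print("accepted:", server_accepts(stored, response))
    # After a successful login the server stores the response and challenges
    # with seq - 1, so replaying the same response is rejected.
    print("replay accepted:", server_accepts(response, response))
```

Because each password is the hash of the one used after it, a captured response only reveals passwords that have already been spent, which is why the sequence number counts down.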