Accessing Connected Devices and Managing Power > Obtaining and Using One Time Passwords for Dial-ins

Obtaining and Using One Time Passwords for Dial-ins
This section is for users who are authorized to dial into the OnSite through a modem or phone PCMCIA card if the one time password (OTP) authentication method is configured for dial-ins to that device. If you are not sure, ask your OnSite administrator.
If the OTP authentication method is in effect for dial-ins to a modem or phone card, you need to supply a different password whenever you dial in. Because OTP passwords are different every time, no one who discovers the password that you use for one session can use that password later to connect to your account.
A one time password is actually a group of six English words (for example: GOLD ARK FISH DOVE SON ZION) that are entered all on the same line at the prompt. You might be given a series of one time passwords; following is an example sequence:
At the first login, you would enter the password from line 498; on the next login, you would enter line 497, and so forth.
Each user who needs to use OTP needs a local user account on the OnSite, must be registered with the OTP system, and must be able to obtain the OTP username, OTP secret pass phrase, and OTP passwords needed for logins. See the following list for how the OnSite administrator may register and give OTP passwords to users:
AND
Some sites choose to print out hard copy lists of OPIE passwords for their users and deliver them by methods such as FAX or FedEx.
OR
Make sure users are equipped with an OTP generator that is not on the network to generate their own OTP passwords when challenged at login time.
The OTP generator may be a copy of the opiekeys program installed on the user’s workstation, or it may be an OTP token card.
To Generate an OTP Password When Challenged at Dial-in
Following is an example procedure for a user who has /etc/opiekeys installed on the user’s workstation:
1.
The OnSite challenges with a sequence number (also called a counter) and a seed (or key) associated with the username and asks for a response.
The seed includes the first two letters of the hostname and a pseudo random number.
The challenge is otp-md5 499 on93564. The sequence number/counter is 499 and the seed is on93564.
2.
a.
The otp-md5 portion of the challenge is a symbolic link to the opiekey program and tells the opiekey program to use the MD5 algorithm. opiepasswd then prompts the user for the user’s secret pass phrase.
b.
The opiekey program generates a six word OTP password, such as GOLD ARK FISH DOVE SON ZION.
3.
The user’s sequence number is decremented in the OnSite-resident opiekeys file.
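The challenge and response steps above, as an added example that is not part of the original manual or of the OPIE source: it computes the otp-md5 response defined in RFC 2289 for the challenge shown in step 1 and models how a server checks the response and decrements the sequence number. The pass phrase and the ServerEntry class are assumptions made up for illustration, and the response is produced in RFC 2289's hexadecimal form rather than as six words because the word dictionary is not reproduced here.

```python
import hashlib
import hmac

def fold_md5(data: bytes) -> bytes:
    """One OTP hash step: MD5, then XOR the two 64-bit halves together."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp_md5(passphrase: str, seed: str, seq: int) -> bytes:
    """64-bit one time password for sequence number seq (RFC 2289)."""
    value = fold_md5((seed.lower() + passphrase).encode())  # initial step
    for _ in range(seq):  # then seq further hash steps
        value = fold_md5(value)
    return value

def respond(challenge: str, passphrase: str) -> str:
    """User side: turn a challenge such as 'otp-md5 499 on93564' into a response."""
    algo, seq, seed = challenge.split()
    if algo != "otp-md5":
        raise ValueError("unsupported algorithm: " + algo)
    return otp_md5(passphrase, seed, int(seq)).hex().upper()

class ServerEntry:
    """Hypothetical per-user record: sequence number and the OTP stored for it."""
    def __init__(self, seq: int, seed: str, stored: bytes):
        self.seq, self.seed, self.stored = seq, seed, stored

    def challenge(self) -> str:
        return f"otp-md5 {self.seq - 1} {self.seed}"

    def verify(self, response_hex: str) -> bool:
        try:
            candidate = bytes.fromhex(response_hex)
        except ValueError:
            return False
        # Hashing a valid response once must reproduce the stored OTP.
        if len(candidate) != 8 or not hmac.compare_digest(fold_md5(candidate), self.stored):
            return False
        self.stored, self.seq = candidate, self.seq - 1  # counter decrements
        return True

def demo():
    phrase = "constructed pass phrase"  # constructed sample secret
    entry = ServerEntry(500, "on93564", otp_md5(phrase, "on93564", 500))
    asked = entry.challenge()            # otp-md5 499 on93564
    answer = respond(asked, phrase)
    return asked, entry.verify(answer), entry.verify(answer), entry.challenge()

if __name__ == "__main__":
    print(demo())
```

The second verify call in demo() replays the same response and is rejected, because after a successful login the server expects a value whose hash equals the response it just accepted.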
