Board index Linux Networking

TTY Login With Dynamic (Predefined) Password

TTY Login With Dynamic (Predefined) Password

Post by Young4er » Tue, 26 Dec 2000 07:14:46



Hi,

For security purposes, I am interested in having the user's password
automatically changed to a list of predefined password once the user has
remotely logged on to the Linux machine.  In other words, the user has a
list of his own (or a predefined) password and if s/he does a successfull
login onto a Linux machine, the machine will automatically change his
password to the one next on the (predefined) list.  If I am not mistaken,
there should be such a package/script for Linux machine.

If you know of such a software/script package, please kindly post the
pointer.  TIA.

 
 
 
Top

TTY Login With Dynamic (Predefined) Password

Post by David Efflan » Tue, 26 Dec 2000 12:45:04



>Hi,

>For security purposes, I am interested in having the user's password
>automatically changed to a list of predefined password once the user has
>remotely logged on to the Linux machine.  In other words, the user has a
>list of his own (or a predefined) password and if s/he does a successfull
>login onto a Linux machine, the machine will automatically change his
>password to the one next on the (predefined) list.  If I am not mistaken,
>there should be such a package/script for Linux machine.

>If you know of such a software/script package, please kindly post the
>pointer.  TIA.

Wouldn't it be easier to use ssh so everything is encrypted and you don't
have to worry about it.  I believe there is an ssh client for Windows
called putty.  Since you can use compression for ssh, the encryptation
really doesn't slow you up any.

But if they do regularly login from public machines, it would be a good
idea to rotate passwords.  I am not sure how to non-interactively rotate
the passwords (from their $HOME/.bash_profile or $HOME/.login depending
upon shell), but you might take a look at mkpasswd which could randomly
set a new password for the specified user.

--

http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
http://cgi-help.virtualave.net/  http://hammer.prohosting.com/~cgi-wiz/

 
 
 
Top

TTY Login With Dynamic (Predefined) Password

Post by phi » Tue, 26 Dec 2000 15:22:29



the following lines of wisdom:

Quote:>Hi,

>For security purposes, I am interested in having the user's password
>automatically changed to a list of predefined password once the user has
>remotely logged on to the Linux machine.  In other words, the user has a
>list of his own (or a predefined) password and if s/he does a successfull
>login onto a Linux machine, the machine will automatically change his
>password to the one next on the (predefined) list.  If I am not mistaken,
>there should be such a package/script for Linux machine.

>If you know of such a software/script package, please kindly post the
>pointer.  TIA.

The only thing I can think of is that, you do one of the following
1) Hack PAM modules so that once the user successfully logs in, the password
is changed.
2) Make a script to change passwords to predefined ones and add it to the
users login scripts (or logout scripts)
3) Have a cronjob detecting if the user has logged out in the last minute, and
if so, change the password.
Phil.
 
 
 
Top

TTY Login With Dynamic (Predefined) Password

Post by Michael Heimin » Tue, 26 Dec 2000 19:08:26


Hello,

if I understand right, this could be done with openssh

http://www.openssh.com/ --> openssh-2.3.0p1

Look for:

--with-skey will enable S/Key one time password support. You will need
the S/Key libraries and header files installed for this to work.

in the README & docs, if you have problems look in comp.security.ssh,
hopefully there will be
someone around who may give you a hint.

Good luck and be sure to have all those libraries aroung when you compile...

Michael Heiming


> Hi,

> For security purposes, I am interested in having the user's password
> automatically changed to a list of predefined password once the user has
> remotely logged on to the Linux machine.  In other words, the user has a
> list of his own (or a predefined) password and if s/he does a successfull
> login onto a Linux machine, the machine will automatically change his
> password to the one next on the (predefined) list.  If I am not mistaken,
> there should be such a package/script for Linux machine.

> If you know of such a software/script package, please kindly post the
> pointer.  TIA.

 
 
 
Top

TTY Login With Dynamic (Predefined) Password

Post by Dan Whit » Wed, 27 Dec 2000 12:48:12




> Hi,

> For security purposes, I am interested in having the user's password
> automatically changed to a list of predefined password once the user has
>  remotely logged on to the Linux machine.  In other words, the user has
> a  list of his own (or a predefined) password and if s/he does a
> successfull  login onto a Linux machine, the machine will automatically
> change his  password to the one next on the (predefined) list.  If I am
> not mistaken,  there should be such a package/script for Linux machine.

> If you know of such a software/script package, please kindly post the
> pointer.  TIA.

They're called one time passwords (OTP). On debian, there's otp and
opie-client packages. See:

http://inner.net/pub/opie/

- Dan White

 
 
 
Top

TTY Login With Dynamic (Predefined) Password

Post by Young4er » Wed, 27 Dec 2000 20:30:33





> > Hi,

> > For security purposes, I am interested in having the user's password
> > automatically changed to a list of predefined password once the user has
> >  remotely logged on to the Linux machine.  In other words, the user has
> > a  list of his own (or a predefined) password and if s/he does a
> > successfull  login onto a Linux machine, the machine will automatically
> > change his  password to the one next on the (predefined) list.  If I am
> > not mistaken,  there should be such a package/script for Linux machine.

> > If you know of such a software/script package, please kindly post the
> > pointer.  TIA.

> They're called one time passwords (OTP). On debian, there's otp and
> opie-client packages. See:

> http://inner.net/pub/opie/

> - Dan White

Thank you very much for the info.
 
 
 
Top

1. PPP login using a dynamic password?

I need to setup my home system to login the company's network and make a
PPP connection, however, I also need to specify a password dynamically
(the password is specified "randomly" from my SecureID card).  Is there
a way to have my PPP connect script prompt me for the password?

Thanks,

Dave

2. Tcsh 6.03 on Solaris 2.1 x86

3. How to move SCO login to different tty/ and remove it all together

4. CDU-55S SCSI CD-ROM troubles

5. tty / pts problem: login, telnet, etc hangs

6. Whats the diff between "agp 8x" & "agp 8x pro"?

7. Cannot login on any tty :-( - HELP!!!

8. Linux on my Toshiba laptop

9. Dynamic passwords and Chap, how?

10. Deny root login to tty

11. PPP: Dynamic Password

12. PPP dialer that handles dynamic one-time passwords.

13. same tty login in Solaris 2.3?


All times are UTC
Board index