[Beowulf] One time password generators...

[Billy Crook]

On Tue, Mar 24, 2009 at 17:25, Robert G. Brown <rgb at phy.duke.edu> wrote:
> Doing certain classes of work one has to satisfy e.g. banking due
> diligence, which tends to be stronger than ordinary cluster due
> diligence.  One aspect of that security (generally required, quite
> independent of whether or not it really increases security) is "strong
> authentication", currently held to be multifactor authentication, e.g.
> SSH keys AND a one-time password, a password AND biometrics, etc.
>
> I've got a possible gig set up that may need this and have been
> investigating the OTP devices for cost and linux capability.  The cost
> seems generally to be "high", and while there are a few that are
> up-front linux capable, it seems to be really difficult to find a
> company that will just sell you a key generator at (say) $10 a pop and
> give you a matching piece of software to run on your linux server.
>
> There are a couple of possible exceptions to pursue in addition to the
> e.g. RSA-like solutions with their enormous cost, but I thought I'd
> throw it out to the group here too.  Is there a straightforward low-cost
> way to generate OTP's without ten thousand dollar server software
> packages?
>
>   rgb
>
> Robert G. Brown                        http://www.phy.duke.edu/~rgb/
> Duke University Dept. of Physics, Box 90305
> Durham, N.C. 27708-0305
> Phone: 1-919-660-2567  Fax: 919-660-2525     email:rgb at phy.duke.edu

If you want to spend as little as possible:
http://www.cl.cam.ac.uk/~mgk25/otpw.html

And if your users don't like typing long random things in, but you
still want them to use one-time credentials:
http://www.yubico.com/products/yubikey/

Both can be integrated with PAM.  Yubikeys go for $25 (less in
quantity).  Their server side software is Free Software, hosted on
Google Code. http://code.google.com/u/simon75j/