Justin writes:
> I did mention in my message that it's a security problem, but I also
> don't think it's a big issue on a home machine,...

I don't think we should treat home users as second-class citizens. Their data is often just as valuable to them as that on your servers is to you. They are often working from home, and often stay connected for very long periods of time and have fixed IPs. I've seen many reports of home machines being cracked, some of them dynamic-ip dialups like mine. In any case, they would not be using one-time passwords if security did not matter to them. They have their reasons for being careful. Let's not second-guess them.

> ...where ppp is likely to be installed.

ppp is often used by small businesses.

> What I was suggesting, in response to the need for dynamic password
> setting, is that if the pon script looked for the password in an
> environment variable it would be trivial to write a wrapper script to
> query the user for it.

From what I know of the secure-card protocol, that would not work well. Each password must be used exactly once and within a short period of time, so you should not ask the user for a password until you are connected to the server and it has requested one.

> I don't see how you're going to query for a dynamic password without it
> winding up in an environment variable,...

I can see several approaches:

a) Do as the secure-card example does and exec pppd after completing the login.
b) Run pppd with nodetach.
c) Use some sort of IPC.

> ...unless you write the whole wrapper in C.

I don't see that the implementation language matters.

-- 
John Hasler
[EMAIL PROTECTED] (John Hasler)
Dancing Horse Hill
Elmwood, WI