User`s guide

Accessing Connected Devices and Managing Power 119
Obtaining and Using One Time Passwords for Dial-ins
Some sites choose to print out hard copy lists of OPIE passwords for their
users and deliver them by methods such as FAX or FedEx.
OR
Make sure users are equipped with an OTP generator that is not on the
network to generate their own OTP passwords when challenged at login
time.
The OTP generator may be a copy of the opiekeys program installed on the
users workstation, or it may be an OTP token card.
T To Generate an OTP Password When
Challenged at Dial-in
Following is an example procedure for a user who has /etc/opiekeys
installed on the users workstation:
1. Dial into the OnSite through a PCMCIA modem or phone card that has
been configured to use OTP authentication.
The OnSite challenges with a sequence number (also called a counter) and
a seed (or key) associated with the username and asks for a response.
The seed includes the first two letters of the hostname and a pseudo
random number.
The challenge is otp-md5 499 on93564. The sequence number /
counter is 499 and the seed is on93564.
2. Obtain an OTP password by performing the following steps.
a. Copy the entire challenge into a window on a computer where the
opiekey program is installed.
The otp-md5 portion of the challenge is a symbolic link to the
opiekey program and tells the opiekey program to use the MD5
algorithm. opiepasswd then prompts the user for the users secret
pass phrase.
b. Enter your secret pass phrase when prompted.
login: username
otp-md5 499 on93564
Response: