Unix System Administration Handbook 1997 October / usah_oct97.iso / index / opie.txt
Text File | 1997-09-22 | 4KB | 114 lines
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
INDEX ENTRY FOR OPIE:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Name: opie - Modern one-time password system
Version: 2.31
Author(s): Dan McDonald, Craig Metz, and Randall Atkinson,
           U.S. Naval Research Laboratory
           Phil Karn, Neil M. Haller, and John S. Walden, Bellcore (S/KEY**)
On the CD-ROM in: security/opie.tar
Ftp source: ftp.nrl.navy.mil:/pub/opie
            ftp.inner.net:/pub/opie
Note: Several other OTP tools and ports can also be found at the NRL site.
Size on the CD: 707 KB (uncompressed)
Description:
OPIE is an implementation of the One-Time Password (OTP) System
that was published as IETF standards-track RFC 1938 and continues
to evolve as an IETF standard. OPIE provides a one-time password
system. The system should be secure against the passive attacks
now commonplace on the Internet (see RFC 1704 for more details).
The system is vulnerable to active dictionary attacks, though
these are not widespread at present and can be detected through
proper use of system audit software.

OPIE is primarily written for UNIX-like operating systems, but we
are working to make applicable portions portable to other
operating systems. The OPIE software is derived in part from and
is fully interoperable with the Bell Communications Research
(Bellcore) S/KEY Release 1 software. Because Bellcore claims
"S/KEY" as a trademark for their software, NRL was forced to use
a different name (we picked "OPIE") for this software
distribution.

OPIE includes the following additions/modifications to the
original Bellcore S/KEY(tm) Version 1 software:
* Just about three-command installation (unpack the software, run the
configure script, and run make install). While we still recommend that
you follow instructions and test things by hand, the more adventurous
can install OPIE quickly.
* A modified BSD FTP daemon that does OTP.
* A version of su that uses OTP by default.
* MD5 support. MD5 is now the default algorithm, though MD4 is still
supported by changing a parameter in the Makefile. This change was
made because MD5 is widely believed to be cryptographically stronger
than MD4 (see RFC 1321).
* A more portable version of MD4 has been substituted for the original
MD4. This should solve the endian problems that were in S/KEY.
* Most of the system-dependencies have been moved to the file "opie_cfg.h".
* Configuration options have been moved to the Makefile.
* Isolated system dependencies (e.g. BSDisms) with appropriate #ifdefs.
* Revised the opiekey(1) program to simultaneously support MD4 and MD5,
with the default algorithm being tunable using the MDX symbol in the
Makefile.
* More operating systems are supported by recent versions of OPIE, but
older BSD systems that aren't close to being compliant with the POSIX
standard are no longer supported.
* Transition mechanisms are optional to prevent potential back doors.
* On systems using the /etc/opieaccess transition mechanism, users can
choose to require the use of OPIE to log in to their accounts when it
would otherwise be optional.
* Bug fixes
* Cosmetic changes
* Prompts (optionally) identify specifically what kind of entry (system
password, secret pass phrase, or OTP response) is allowed.
* Changes to mostly conform with the draft Internet OTP standard.
-- Adapted from the 2.3 README file
Advertised architectures:
Not stated, but should be widely portable
Prerequisites:
In order to build and run properly, OPIE requires:
* A UNIX-like operating system
* An ANSI C compiler and run-time library
* POSIX.1- and X/Open XPG-compliance (including termios)
* The BSD sockets API
* Approximately five megabytes of free disk space
In practice, we believe that many systems that are close to
meeting these requirements but aren't completely there (for
example, SunOS with the native compiler) will also work. Systems
that aren't anywhere near close (for example, DOS) are not likely
to work without major adjustments to the OPIE code.
** S/KEY is a trademark of Bellcore.