Hi,

I've been using Linux for quite a few years, and my network (home network, but also used for web hosting, VPN, SAN, and development) has expanded to six boxes. I'm thinking about implementing OpenLDAP so that all of the machines will authenticate from a single source.

Now, what got me thinking: at work, I login to secure systems using a SafeWord card - it's a hardware OTP generator, where I type in a 4-digit numeric pin (it looks like a pocket calculator) and it pops up with a one-time password.

Is there anything based on the OTP scheme for a smaller network, importantly it has to be cheap or open-source?

A) How would this work server-side? Is there anything that works with LDAP or should I just go with Kerberos or something else?

B) what about the token? I emailed some of the companies that sell this stuff, and they have a 25-token minimum. Is there any company that will sell five of these, and has cheap software? Or what about making one using something like a Basic STAMP (www.parallax.com) with an LCD and a keypad? If not, I have a Palm OS handheld, what about using that? There would have to be some algorithm which generates the passwords from a pass key, and also some way of using the central authentication (LDAP server?) to have the same password set.

...just wondering if anything like that is out there.

Let me clarify something.... I've looked in to OPIE, etc.

I do not want anything where I would have to write down the list of passwords, or generate them on my Linux box.

I want to type in the passphrase and generate the password either on a Palm or other handheld system, or on an embedded hardware system, like a STAMP or other microcontroller.

OPIE can be configured this way. You can run the generator with the original seed and your password and get the same list of passwords on any machine/platform. Would be nice to write a PHP OPIE engine and put it up via SSL, too.