#11828: Look into using one-time-passwords as secondary authentication method for baron
-------------------------+----------------------------
   Reporter:  zooey      |      Owner:  haiku-sysadmin
       Type:  task       |     Status:  new
   Priority:  normal     |  Milestone:
  Component:  Sys-Admin  |    Version:
 Resolution:             |   Keywords:
 Blocked By:             |   Blocking:
Has a Patch:  0          |   Platform:  All
-------------------------+----------------------------

Comment (by jprostko):

 I can confirm that Centinel's solution works. Currently on the test
 deployment (at least for my account), I need an OTP to get on the server
 and then an OTP to use sudo. Keep in mind that if you log in and then
 immediately go to use sudo, you have to wait for the next OTP in the
 rotation. This makes sense though, since they are one-time passwords and
 all.

 Do we need `su -l` to require an OTP as well? I would think we'd hit the
 same problem that Centinel hit when he made the change to having sudo use
 the user's password and not the root password for the server. I kind of
 think having OTP for sudo is sufficient.

 In any case, Oliver, how would you like to proceed? Should only sudo
 utilize OTP, or would you like the server login to require it as well?
 Maybe it depends on the server?

--
Ticket URL: <https://dev.haiku-os.org/ticket/11828#comment:22>
Haiku <https://dev.haiku-os.org>
Haiku - the operating system.
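
The "wait for the next OTP in the rotation" behaviour described in the comment, as an added example that is not part of the ticket or of the Haiku deployment. It assumes time-based codes (RFC 6238, 30-second step) and a verifier that refuses to accept a time step twice; the ticket does not name the mechanism, and `OneTimeVerifier` and `demo` are hypothetical names.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code; assumed (RFC 6238 default), not stated in the ticket


def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for a given time-step counter (HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class OneTimeVerifier:
    """Accepts each time step's code at most once per account."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_used = -1  # highest time-step counter already consumed

    def verify(self, code: str, now: float) -> bool:
        counter = int(now // STEP)
        if counter <= self.last_used:
            return False  # this step's code was already spent (login or sudo)
        if not hmac.compare_digest(code, totp(self.secret, counter)):
            return False
        self.last_used = counter
        return True


def demo():
    secret = b"12345678901234567890"  # constructed sample secret (RFC 6238 test key)
    v = OneTimeVerifier(secret)
    t_login = 59.0  # constructed timestamps, in seconds since the epoch
    code = totp(secret, int(t_login // STEP))
    login = v.verify(code, t_login)            # server login consumes the code
    sudo_now = v.verify(code, t_login + 0.5)   # sudo right away, same code
    t_next = 60.0                              # next 30-second step begins
    sudo_later = v.verify(totp(secret, int(t_next // STEP)), t_next)
    return code, login, sudo_now, sudo_later


if __name__ == "__main__":
    print(demo())
```

Tracking the last consumed step per account is what makes the code single-use; without it, one observed code would be valid for both the login and the sudo prompt until the step expires.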