Data Communications Networking Devices - 4th Ed.pdf

7.4 SECURITY DEVICES ___________________________________________________________ 807Figure7.46The ®rewall authentication processOne-time passwordsAlthough one-time passwords can be considered similar to token-based authenticationdue to the fact that they generate passwords that are valid only for one-timeuse, there are two major differences between the two authentication methods. First,the token-based authentication method involves the use of hardware by the client inthe form of a credit card-sized device that generates tokens. In comparison, onetimepasswords are generated through the use of software. A second differencebetween the two is the fact that token-based authentication methods are commercialproducts whereas some one-time password generators are in the public domain andavailable for use without incurring additional expense.Bellcore S/KEYOne example of a popular one-time password system is the Bellcore S/KEY.Currently there are two versions of S/KEY. An early version, referred to as the S/KEY reference implementation, is available from Bellcore via anonymous FTP;however, it has not been upgraded nor has the code been maintained for over thepast ®ve years. A second version of the product, simply referred to as S/KEY, is acommercial product from Bellcore that operates on a number of client and serverplatforms.The S/KEY one-time password authentication system is based on the use of twosoftware programs. One program, referred to as the key login program, operates ona server at the host site. The second program, which is called the S/KEY One-TimePassword Generator, resides on the client computer. At the time this book waswritten, server software platforms supported included SunOS, IBM AIX, HP-UX,and Solaris. Client platforms supported include MS-Windows 3.1, Windows 95,Windows NT, SunOS, IBM AIX, HP-UX, Solaris, and Apple Macintosh.