Tweaks needed to compile package (what the patch does):
tweak a number of '#include <...>' to be '#include "..."'
shamelessly nick 'readpassphrase.[ch]' from openssh
create an apprioately populated 'includes.h'
make include db_185.h instead of db.h so it works with Berkeley DB 4.x
graceful handling (no longer segfaults) of PAM_CONV_ERR. If you see this in the debug logs then it probably means you have not set 'ChallengeResponseAuthentication yes' in your /etc/ssh/sshd_config file; this took me ages to figure out :-/
Debian packages needed:
libpam-dev
libssl-dev
libdb4.4-dev (alternatively 'libdb4.3-dev' or 'libdb4.2-dev')
To compile just do:
$ tar -zxf otp-0.5.tar.gz $ cd otp/unix $ patch -p1 < ../../otp-linux.patch $ ./compile
The 'original' OTP, well as far as I am concerned.
An RFC standard for an event based OTP generator.
A HOTP implementation, but is nasty to use and they seem to want to give the ghastly impression that the device is a physical fob by using pretty pictures. Eugh! Either way, it expects you to type in the raw 8bit secret straight into the keypad whilst libpam-otp, for example, prints the hexidecimal value.
An RFC2289 calculator, rather nice, shame it only supports one host 'profile'
Although old and primary geared towards storing passwords, it also stores seperate profiles for your OTP's. Only supports RFC2298 but thats fine enough to use with libpam-opie. The best option, although only supports one OTP method.