 - implement options use_first_pass and try_first_pass, like
   the kerb5 module does (pb)

 - check what other "standard" options every pam module should
   offer (pb)

 - option for otpw-gen to generate only one single password (pb)

 - global config file; reduce the number of compile-time options (pb)

 - move .otpw out of home directory, in order to
     - make it work if $HOME is not yet mounted (/var/otpw/$LOGNAME) (pb)
     - users can be prevented from recycling passwords
       (this would require otpw-gen to become setuid) (some U.S. nuclear lab)

 - add generation time and (optional) expiry time to .otpw file (pb)

 - what happens with the 3-password challenge if there is only
   a single password left? (pb)

 - make lock timeout (default 24 h) configurable (pb)

 - "buddy file" with list of other users who can add a one-time password

 - add GPL boilerplate more prominently

 - Compiling on openSUSE 10.3/x86_64 leads to:
     ld --shared -o pam_otpw.so pam_otpw.o otpw-l.o rmd160.o md.o \
       -lcrypt -lpam -lpam_misc
     ld: pam_otpw.o: relocation R_X86_64_32 against `a local symbol' can not
       be used when making a shared object; recompile with -fPIC
     pam_otpw.o: could not read symbols: Bad value

 - option for pam_otpw to restrict the passwords actually used to a
   subset (e.g., range, modulus), for the case where multiple hosts
   have copies of the same password file but must not ask for the same.