TERMINAL SECURITY AND OPIE
When using OPIE, you need to be careful not to allow your password to be communicated over an insecure channel where someone might be able to listen in and capture it. OPIE can protect you against people who might get your password from snooping on the line, but only if you make sure that the password itself never gets sent over the line. The important thing is to always run the OPIE calculator on whichever machine you are actually using - never on a machine you are connected to by network or by dialup.
You need to be careful about the X Window System, because it changes things quite a bit. For instance, if you run an xterm (or your favorite equivalent) on another machine and display it on your machine, you should not run an OPIE calculator in that window. When you type in your secret password, it still gets transmitted over the network to go to the machine the xterm is running on. People with machines such as X terminals that can only run the calculator over the network are in an especially precarious position because they really have no choice. Also, with the X Window System, as with some other window system (NeWS as an example), it is sometimes possible for people to read your keystrokes and capture your password even if you are running the OPIE calculator on your local machine. You should always use the best security mechanism available on your system to protect your X server, be it XDM-AUTHORIZATION-1, XDM-MAGIC-COOKIE-1, or host access control. *Never* just allow any machine to connect to your server because, by doing so, you are allowing any machine to read any of your windows or your keystrokes without you knowing it.
ftpd(8) login(1), opie(4), opiekeys(5), opieaccess(5), opiekey(1), opieinfo(1),