This is a sample "passwd" file used for OTP token authentication.
Actually, it's not a sample file, but it does document the format and
legal values.  The default location is /etc/otppasswd.

This file must be mode 0400 or 0600 and owned by the user the radius
server runs as (for FreeRADIUS) or root (for PAM).

The format is username:card_type:key[:pin], eg

bob:cryptocard-d8-es:0101010101010101

The username is limited in that the ':' character may not appear.
The pin is optional (do not include the bracket characters!).
The valid card types are:

CRYPTOCard:
cryptocard-h8-rc	random challenge, 8 digit hex response.
cryptocard-d8-rc	random challenge, 8 digit decimal response.
cryptocard-h7-rc	random challenge, 7 digit hex response.
cryptocard-d7-rc	random challenge, 7 digit dec response.
cryptocard-hp-rc	random challenge, phone hex response.
cryptocard-p7-rc	random challenge, phone dec response.
cryptocard-h8-es	event synchronous (only), 8 digit hex response.
cryptocard-d8-es	event synchronous (only), 8 digit decimal response.
cryptocard-h7-es	event synchronous (only), 7 digit hex response.
cryptocard-d7-es	event synchronous (only), 7 digit decimal response.
cryptocard-hp-es	event synchronous (only), phone hex response.
cryptocard-dp-es	event synchronous (only), phone decimal response.
cryptocard-h8-rs	rc or es, 8 digit hex response.
cryptocard-d8-rs	rc or es, 8 digit decimal response.
cryptocard-h7-rs	rc or es, 7 digit hex response.
cryptocard-d7-rs	rc or es, 7 digit decimal response.
cryptocard-hp-rs	rc or es, phone hex response.
cryptocard-dp-rs	rc or es, phone decimal response.

TRI-D: (email fcusack@fcusack.com)
trid-alpha-3		TRI-D alpha card
trid-beta-1		TRI-D beta card
trid-beta-2		TRI-D beta card