This is a sample "passwd" file used for OTP token authentication. Actually, it's not a sample file, but it does document the format and legal values. The default location is /etc/otppasswd. This file must be mode 0400 or 0600 and owned by the user the radius server runs as (for FreeRADIUS) or root (for PAM). The format is username:card_type:key[:pin], eg bob:cryptocard-d8-es:0101010101010101 The username is limited in that the ':' character may not appear. The pin is optional (do not include the bracket characters!). The valid card types are: CRYPTOCard: cryptocard-h8-rc random challenge, 8 digit hex response. cryptocard-d8-rc random challenge, 8 digit decimal response. cryptocard-h7-rc random challenge, 7 digit hex response. cryptocard-d7-rc random challenge, 7 digit dec response. cryptocard-hp-rc random challenge, phone hex response. cryptocard-p7-rc random challenge, phone dec response. cryptocard-h8-es event synchronous (only), 8 digit hex response. cryptocard-d8-es event synchronous (only), 8 digit decimal response. cryptocard-h7-es event synchronous (only), 7 digit hex response. cryptocard-d7-es event synchronous (only), 7 digit decimal response. cryptocard-hp-es event synchronous (only), phone hex response. cryptocard-dp-es event synchronous (only), phone decimal response. cryptocard-h8-rs rc or es, 8 digit hex response. cryptocard-d8-rs rc or es, 8 digit decimal response. cryptocard-h7-rs rc or es, 7 digit hex response. cryptocard-d7-rs rc or es, 7 digit decimal response. cryptocard-hp-rs rc or es, phone hex response. cryptocard-dp-rs rc or es, phone decimal response. TRI-D: (email fcusack@fcusack.com) trid-alpha-3 TRI-D alpha card trid-beta-1 TRI-D beta card trid-beta-2 TRI-D beta card