unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (FreeBSD-5.4-RELEASE)
Page:
Section:
Apropos / Subsearch:
optional field

PAM_OPIE(8)               BSD System Manager's Manual              PAM_OPIE(8)

NAME
     pam_opie -- OPIE PAM module

SYNOPSIS
     [service-name] module-type control-flag pam_opie [options]

DESCRIPTION
     The OPIE authentication service module for PAM, pam_opie provides func-
     tionality for only one PAM category: that of authentication.  In terms of
     the module-type parameter, this is the ``auth'' feature.  It also pro-
     vides a null function for session management.

     Note that this module does not enforce opieaccess(5) checks.  There is a
     separate module, pam_opieaccess(8), for this purpose.

   OPIE Authentication Module
     The OPIE authentication component provides functions to verify the iden-
     tity of a user (pam_sm_authenticate()), which obtains the relevant
     opie(4) credentials.  It provides the user with an OPIE challenge, and
     verifies that this is correct with opiechallenge(3).

     The following options may be passed to the authentication module:

     debug         syslog(3) debugging information at LOG_DEBUG level.

     auth_as_self  This option will require the user to authenticate himself
                   as the user given by getlogin(2), not as the account they
                   are attempting to access.  This is primarily for services
                   like su(1), where the user's ability to retype their own
                   password might be deemed sufficient.

     no_fake_prompts
                   Do not generate fake challenges for users who do not have
                   an OPIE key.  Note that this can leak information to a
                   hypothetical attacker about who uses OPIE and who does not,
                   but it can be useful on systems where some users want to
                   use OPIE but most do not.

     Note that pam_opie ignores the standard options try_first_pass and
     use_first_pass, since a challenge must be generated before the user can
     submit a valid response.

FILES
     /etc/opiekeys  default OPIE password database.

SEE ALSO
     passwd(1), getlogin(2), opiechallenge(3), syslog(3), opie(4),
     pam.conf(5), pam(8)

BSD                              July 7, 2001                              BSD