GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  PAM_OPIE (8)

NAME

pam_opie - OPIE PAM module

CONTENTS

Synopsis
Description
     OPIE Authentication Module
Files
See Also

SYNOPSIS

[service-name] module-type control-flag pam_opie [options]

DESCRIPTION

The OPIE authentication service module for PAM, pam_opie provides functionality for only one PAM category: that of authentication. In terms of the module-type parameter, this is the "auth" feature. It also provides a null function for session management.

Note that this module does not enforce opieaccess(5) checks. There is a separate module, pam_opieaccess(8), for this purpose.

    OPIE Authentication Module

The OPIE authentication component provides functions to verify the identity of a user (pam_sm_authenticate), which obtains the relevant opie(4) credentials. It provides the user with an OPIE challenge, and verifies that this is correct with opiechallenge(3).

The following options may be passed to the authentication module:
debug syslog(3) debugging information at LOG_DEBUG level.
auth_as_self
  This option will require the user to authenticate himself as the user given by getlogin(2), not as the account they are attempting to access. This is primarily for services like su(1), where the user’s ability to retype their own password might be deemed sufficient.
no_fake_prompts
  Do not generate fake challenges for users who do not have an OPIE key. Note that this can leak information to a hypothetical attacker about who uses OPIE and who does not, but it can be useful on systems where some users want to use OPIE but most do not.

Note that pam_opie ignores the standard options try_first_pass and use_first_pass, since a challenge must be generated before the user can submit a valid response.

FILES

/etc/opiekeys
  default OPIE password database.

SEE ALSO

passwd(1), getlogin(2), opiechallenge(3), syslog(3), opie(4), pam.conf(5), pam(8)
Search for    or go to Top of page |  Section 8 |  Main Index


Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.