OPIE PAM module
The OPIE authentication service module for PAM,
provides functionality for only
one PAM category: that of authentication. In terms of the
parameter, this is the
” feature. It also provides a null
function for session management.
Note that this module does not enforce
checks. There is a separate module,
for this purpose.
The OPIE authentication component provides functions to verify the identity of a
()), which obtains
credentials. It provides the user with an OPIE challenge, and verifies that
this is correct with
The following options may be passed to the authentication module:
debugging information at
- This option will require the user to authenticate himself as the user
not as the account they are attempting to access. This is primarily for
where the user's ability to retype their own password might be deemed
- Do not generate fake challenges for users who do not have an OPIE key.
Note that this can leak information to a hypothetical attacker about who
uses OPIE and who does not, but it can be useful on systems where some
users want to use OPIE but most do not.
ignores the standard
, since a challenge must be
generated before the user can submit a valid response.
- default OPIE password database.