OPIE PAM module
The OPIE authentication service module for PAM,
provides functionality for only one PAM category: that of authentication. In
terms of the module-type parameter, this is the
auth” feature. It also provides a null
function for session management.
Note that this module does not enforce
checks. There is a separate module,
for this purpose.
The OPIE authentication component provides functions to verify the identity of a
pam_sm_authenticate()), which obtains the
credentials. It provides the user with an OPIE challenge, and verifies that
this is correct with
The following options may be passed to the authentication
debugging information at
- This option will require the user to authenticate himself as the user
not as the account they are attempting to access. This is primarily for
where the user's ability to retype their own password might be deemed
- Do not generate fake challenges for users who do not have an OPIE key.
Note that this can leak information to a hypothetical attacker about who
uses OPIE and who does not, but it can be useful on systems where some
users want to use OPIE but most do not.
pam_opie ignores the standard
use_first_pass, since a challenge must be generated
before the user can submit a valid response.
- default OPIE password database.