Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
PAM_OPIE(8)		  BSD System Manager's Manual		   PAM_OPIE(8)

     pam_opie -- OPIE PAM module

     [service-name] module-type	control-flag pam_opie [options]

     The OPIE authentication service module for	PAM, pam_opie provides func-
     tionality for only	one PAM	category: that of authentication.  In terms of
     the module-type parameter,	this is	the "auth" feature.  It	also provides
     a null function for session management.

     Note that this module does	not enforce opieaccess(5) checks.  There is a
     separate module, pam_opieaccess(8), for this purpose.

   OPIE	Authentication Module
     The OPIE authentication component provides	functions to verify the	iden-
     tity of a user (pam_sm_authenticate()), which obtains the relevant
     opie(4) credentials.  It provides the user	with an	OPIE challenge,	and
     verifies that this	is correct with	opiechallenge(3).

     The following options may be passed to the	authentication module:

     debug	   syslog(3) debugging information at LOG_DEBUG	level.

     auth_as_self  This	option will require the	user to	authenticate themself
		   as the user given by	getlogin(2), not as the	account	they
		   are attempting to access.  This is primarily	for services
		   like	su(1), where the user's	ability	to retype their	own
		   password might be deemed sufficient.

		   Do not generate fake	challenges for users who do not	have
		   an OPIE key.	 Note that this	can leak information to	a hy-
		   pothetical attacker about who uses OPIE and who does	not,
		   but it can be useful	on systems where some users want to
		   use OPIE but	most do	not.

     Note that pam_opie	ignores	the standard options try_first_pass and
     use_first_pass, since a challenge must be generated before	the user can
     submit a valid response.

     /etc/opiekeys  default OPIE password database.

     passwd(1),	getlogin(2), opiechallenge(3), syslog(3), opie(4),
     pam.conf(5), pam(8)

BSD				 July 7, 2001				   BSD


Want to link to this manual page? Use this URL:

home | help