pam_rhosts(8) [netbsd man page]

PAM_RHOSTS(8)						    BSD System Manager's Manual 					     PAM_RHOSTS(8)

NAME

     pam_rhosts -- rhosts PAM module

SYNOPSIS

     [service-name] module-type control-flag pam_rhosts [options]

DESCRIPTION

     The rhosts authentication service module for PAM provides functionality for only one PAM category: authentication.  In terms of the
     module-type parameter, this is the ``auth'' feature.

   Rhosts Authentication Module
     The Rhosts authentication component (pam_sm_authenticate()), returns success if and only if the target user's UID is not 0 and the remote
     host and user are listed in /etc/hosts.equiv or in the target user's ~/.rhosts.

     The following options may be passed to the authentication module:

     debug	 syslog(3) debugging information at LOG_DEBUG level.

     no_warn	 suppress warning messages to the user.  These messages include reasons why the user's authentication attempt was declined.

     allow_root  do not automatically fail if the target user's UID is 0.

SEE ALSO

     hosts.equiv(5), pam.conf(5), pam(8)

AUTHORS

     The pam_rhosts module and this manual page were developed for the FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research Division
     of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as part of the DARPA CHATS research program.

BSD
								 December 5, 2001							       BSD

PAM_OPIEACCESS(8)					    BSD System Manager's Manual 					 PAM_OPIEACCESS(8)

NAME

     pam_opieaccess -- OPIEAccess PAM module

SYNOPSIS

     [service-name] module-type control-flag pam_opieaccess [options]

DESCRIPTION

     The pam_opieaccess module is used in conjunction with the pam_opie(8) PAM module to ascertain that authentication can proceed by other means
     (such as the pam_unix(8) module) even if OPIE authentication failed.  To properly use this module, pam_opie(8) should be marked
     ``sufficient'', and pam_opieaccess should be listed right below it and marked ``requisite''.

     The pam_opieaccess module provides functionality for only one PAM category: authentication.  In terms of the module-type parameter, this is
     the ``auth'' feature.  It also provides null functions for the remaining module types.

   OPIEAccess Authentication Module
     The authentication component (pam_sm_authenticate()), returns PAM_SUCCESS in two cases:

     1.   The user does not have OPIE enabled.

     2.   The user has OPIE enabled, and the remote host is listed as a trusted host in /etc/opieaccess, and the user does not have a file named
	  .opiealways in his home directory.

     Otherwise, it returns PAM_AUTH_ERR.

     The following options may be passed to the authentication module:

     allow_local  Normally, local logins are subjected to the same restrictions as remote logins from ``localhost''.  This option causes
		  pam_opieaccess to always allow local logins.

     debug	  syslog(3) debugging information at LOG_DEBUG level.

     no_warn	  suppress warning messages to the user.  These messages include reasons why the user's authentication attempt was declined.

FILES

     /etc/opieaccess	List of trusted hosts or networks.  See opieaccess(5) for a description of its syntax.

     $HOME/.opiealways	The presence of this file makes OPIE mandatory for the user.

SEE ALSO

     opie(4), opieaccess(5), pam.conf(5), pam(8), pam_opie(8)

AUTHORS

     The pam_opieaccess module and this manual page were developed for the FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research
     Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as part of the DARPA CHATS research program.

BSD
								 October 26, 2007							       BSD