freebsd man page for pam_opieaccess

Freebsd Man Pages All Man Pages Latest Topics Forum Categories

Query: pam_opieaccess

OS: freebsd

Section: 8

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

PAM_OPIEACCESS(8)					    BSD System Manager's Manual 					 PAM_OPIEACCESS(8)


NAME

     pam_opieaccess -- OPIEAccess PAM module


SYNOPSIS

     [service-name] module-type control-flag pam_opieaccess [options]


DESCRIPTION

     The pam_opieaccess module is used in conjunction with the pam_opie(8) PAM module to ascertain that authentication can proceed by other means
     (such as the pam_unix(8) module) even if OPIE authentication failed.  To properly use this module, pam_opie(8) should be marked
     ``sufficient'', and pam_opieaccess should be listed right below it and marked ``requisite''.

     The pam_opieaccess module provides functionality for only one PAM category: authentication.  In terms of the module-type parameter, this is
     the ``auth'' feature.  It also provides null functions for the remaining module types.

   OPIEAccess Authentication Module
     The authentication component (pam_sm_authenticate()), returns PAM_SUCCESS in two cases:

     1.   The user does not have OPIE enabled.

     2.   The user has OPIE enabled, and the remote host is listed as a trusted host in /etc/opieaccess, and the user does not have a file named
	  .opiealways in his home directory.

     Otherwise, it returns PAM_AUTH_ERR.

     The following options may be passed to the authentication module:

     allow_local  Normally, local logins are subjected to the same restrictions as remote logins from ``localhost''.  This option causes
		  pam_opieaccess to always allow local logins.

     debug	  syslog(3) debugging information at LOG_DEBUG level.

     no_warn	  suppress warning messages to the user.  These messages include reasons why the user's authentication attempt was declined.


FILES

     /etc/opieaccess	List of trusted hosts or networks.  See opieaccess(5) for a description of its syntax.

     $HOME/.opiealways	The presence of this file makes OPIE mandatory for the user.


SEE ALSO

     opie(4), opieaccess(5), pam.conf(5), pam(8), pam_opie(8)


AUTHORS

     The pam_opieaccess module and this manual page were developed for the FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research
     Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as part of the DARPA CHATS research program.


BSD
								 October 26, 2007							       BSD
Related Man Pages
pam_unix(8) - freebsd
pam_unix(8) - netbsd
pam_exec(8) - freebsd
pam_opie(8) - freebsd
pam_ldap(8) - opendarwin
Similar Topics in the Unix Linux Community
FreeBSD Kernel Internals, Dr. Marshall Kirk McKusick
Scripts without shebang
Reason for no directory creation date
Valid separator in time and date format
Controlling user input