Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

pam_opie(8) [freebsd man page]

PAM_OPIE(8)						    BSD System Manager's Manual 					       PAM_OPIE(8)

NAME
pam_opie -- OPIE PAM module SYNOPSIS
[service-name] module-type control-flag pam_opie [options] DESCRIPTION
The OPIE authentication service module for PAM, pam_opie provides functionality for only one PAM category: that of authentication. In terms of the module-type parameter, this is the ``auth'' feature. It also provides a null function for session management. Note that this module does not enforce opieaccess(5) checks. There is a separate module, pam_opieaccess(8), for this purpose. OPIE Authentication Module The OPIE authentication component provides functions to verify the identity of a user (pam_sm_authenticate()), which obtains the relevant opie(4) credentials. It provides the user with an OPIE challenge, and verifies that this is correct with opiechallenge(3). The following options may be passed to the authentication module: debug syslog(3) debugging information at LOG_DEBUG level. auth_as_self This option will require the user to authenticate himself as the user given by getlogin(2), not as the account they are attempting to access. This is primarily for services like su(1), where the user's ability to retype their own password might be deemed sufficient. no_fake_prompts Do not generate fake challenges for users who do not have an OPIE key. Note that this can leak information to a hypothetical attacker about who uses OPIE and who does not, but it can be useful on systems where some users want to use OPIE but most do not. Note that pam_opie ignores the standard options try_first_pass and use_first_pass, since a challenge must be generated before the user can submit a valid response. FILES
/etc/opiekeys default OPIE password database. SEE ALSO
passwd(1), getlogin(2), opiechallenge(3), syslog(3), opie(4), pam.conf(5), pam(8) BSD
July 7, 2001 BSD

Check Out this Related Man Page

OPIEINFO(1)                                                   General Commands Manual                                                  OPIEINFO(1)

NAME
opieinfo - Extract sequence number and seed for future OPIE challenges. SYNOPSIS
opieinfo [-v] [-h] [ user_name ] DESCRIPTION
opieinfo takes an optional user name and writes the current sequence number and seed found in the OPIE key database for either the current user or the user specified. opiekey is compatible with the keyinfo(1) program from Bellcore's S/Key Version 1 except that specification of a remote system name is not permitted. opieinfo can be used to generate a listing of your future OPIE responses if you are going to be without an OPIE calculator and still need to log into the system. To do so, you would run something like: opiekey -n 42 `opieinfo` OPTIONS
-v Display the version number and compile-time options, then exit. -h Display a brief help message and exit. <user_name> The name of a user whose key information you wish to display. The default is the user running opieinfo. EXAMPLE
wintermute$ opieinfo 495 wi01309 wintermute$ FILES
/etc/opiekeys -- database of key information for the OPIE system. SEE ALSO
opie(4), opiekey(1), opiepasswd(1), opiesu(1), opielogin(1), opieftpd(8), opiekeys(5) opieaccess(5) AUTHOR
Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and Craig Metz. S/Key is a trademark of Bell Communications Research (Bellcore). CONTACT
OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join, send an email request to: skey-users-request@thumper.bellcore.com 7th Edition January 10, 1995 OPIEINFO(1)
Man Page