
opieaccess(5) [osx man page]

OPIEACCESS(5)							File Formats Manual						     OPIEACCESS(5)

NAME
[/etc/]opieaccess - OPIE database of trusted networks

DESCRIPTION
The opieaccess file contains a list of networks that are considered trusted by the system as far as security against passive attacks is concerned. Users from networks so trusted will be able to log in using OPIE responses, but not be required to do so, while users from networks that are not trusted will always be required to use OPIE responses (the default behavior). This trust allows a site to have a more gentle migration to OPIE by allowing it to be non-mandatory for "inside" networks while allowing users to choose whether they wish to use OPIE to protect their passwords or not.

The entire notion of trust implemented in the opieaccess file is a major security hole because it opens your system back up to the same passive attacks that the OPIE system is designed to protect you against. The opieaccess support in this version of OPIE exists solely because we believe that it is better to have it so that users who don't want their accounts broken into can use OPIE than to have them prevented from doing so by users who don't want to use OPIE. In any environment, it should be considered a transition tool and not a permanent fixture. When it is not being used as a transition tool, a version of OPIE that has been built without support for the opieaccess file should be built to prevent the possibility of an attacker using this file as a means to circumvent the OPIE software.

The opieaccess file consists of lines containing three fields separated by spaces (tabs are properly interpreted, but spaces should be used instead) as follows:

    Field      Description
    action     "permit" or "deny" non-OPIE logins
    address    Address of the network to match
    mask       Mask of the network to match

Subnets can be controlled by using the appropriate address and mask. Individual hosts can be controlled by using the appropriate address and a mask of 255.255.255.255.

If no rules are matched, the default is to deny non-OPIE logins.

SEE ALSO
opie(4), opiekeys(5), opiepasswd(1), opieinfo(1), opiesu(1), opielogin(1), opieftpd(8)

AUTHOR
Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and Craig Metz.

S/Key is a trademark of Bell Communications Research (Bellcore).

CONTACT
OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join, send an email request to:

    skey-users-request@thumper.bellcore.com

7th Edition January 10, 1995 OPIEACCESS(5)
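
The three-field rule format and the default-deny behaviour described in the opieaccess DESCRIPTION above can be audited with a short script. This is an added example, not code from OPIE or from the original page; the sample rules are constructed, and first-match-wins ordering, IPv4-only addresses, and '#' comment lines are assumptions the page does not state.

```python
import ipaddress

# Constructed sample opieaccess content (documentation address ranges).
SAMPLE = """\
# inside network during migration
permit 192.0.2.0 255.255.255.0
deny 198.51.100.7 255.255.255.255
permit 198.51.100.0 255.255.255.0
"""

def parse_opieaccess(text):
    """Return a list of (action, address_int, mask_int, lineno) rules."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()  # spaces or tabs separate the three fields
        if not fields or fields[0].startswith("#"):  # assumption: '#' comments
            continue
        if len(fields) != 3 or fields[0] not in ("permit", "deny"):
            raise ValueError(f"line {lineno}: expected 'permit|deny address mask'")
        addr = int(ipaddress.IPv4Address(fields[1]))
        mask = int(ipaddress.IPv4Address(fields[2]))
        rules.append((fields[0], addr, mask, lineno))
    return rules

def non_opie_login_allowed(rules, host):
    """True if `host` may log in without giving an OPIE response."""
    h = int(ipaddress.IPv4Address(host))
    for action, addr, mask, _ in rules:  # assumption: first matching rule wins
        if (h & mask) == (addr & mask):
            return action == "permit"
    return False  # no rule matched: non-OPIE logins are denied (per the page)

def audit(rules):
    """List each permit rule with the number of addresses it exempts from OPIE."""
    findings = []
    for action, addr, mask, lineno in rules:
        if action == "permit":
            host_bits = bin(~mask & 0xFFFFFFFF).count("1")
            net = ipaddress.IPv4Address(addr & mask)
            findings.append((lineno, str(net), 2 ** host_bits))
    return findings

if __name__ == "__main__":
    rules = parse_opieaccess(SAMPLE)
    for lineno, net, size in audit(rules):
        print(f"line {lineno}: permit {net} exempts {size} address(es) from OPIE")
    for host in ("192.0.2.44", "198.51.100.7", "198.51.100.9", "203.0.113.5"):
        print(host, "non-OPIE login allowed:", non_opie_login_allowed(rules, host))
```

Every line the audit reports is a network whose users can still send reusable passwords, so an empty report is the state to reach once the migration is over.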


OPIEINFO(1)                                                   General Commands Manual                                                  OPIEINFO(1)

NAME
opieinfo - Extract sequence number and seed for future OPIE challenges.

SYNOPSIS
opieinfo [-v] [-h] [ user_name ]

DESCRIPTION
opieinfo takes an optional user name and writes the current sequence number and seed found in the OPIE key database for either the current user or the user specified.

opiekey is compatible with the keyinfo(1) program from Bellcore's S/Key Version 1 except that specification of a remote system name is not permitted.

opieinfo can be used to generate a listing of your future OPIE responses if you are going to be without an OPIE calculator and still need to log into the system. To do so, you would run something like:

    opiekey -n 42 `opieinfo`

OPTIONS
-v  Display the version number and compile-time options, then exit.

-h  Display a brief help message and exit.

<user_name>
    The name of a user whose key information you wish to display. The default is the user running opieinfo.

EXAMPLE
    wintermute$ opieinfo
    495 wi01309
    wintermute$

FILES
/etc/opiekeys -- database of key information for the OPIE system.

SEE ALSO
opie(4), opiekey(1), opiepasswd(1), opiesu(1), opielogin(1), opieftpd(8), opiekeys(5), opieaccess(5)

AUTHOR
Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and Craig Metz.

S/Key is a trademark of Bell Communications Research (Bellcore).

CONTACT
OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join, send an email request to:

    skey-users-request@thumper.bellcore.com

7th Edition January 10, 1995 OPIEINFO(1)