Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
PAM_OPIE(8)		FreeBSD	System Manager's Manual		   PAM_OPIE(8)

NAME
     pam_opie -- OPIE PAM module

SYNOPSIS
     [service-name] module-type	control-flag pam_opie [options]

DESCRIPTION
     The OPIE authentication service module for	PAM, pam_opie provides func-
     tionality for only	one PAM	category: that of authentication.  In terms of
     the module-type parameter,	this is	the ``auth'' feature.  It also pro-
     vides a null function for session management.

     Note that this module does	not enforce opieaccess(5) checks.  There is a
     separate module, pam_opieaccess(8), for this purpose.

   OPIE	Authentication Module
     The OPIE authentication component provides	functions to verify the	iden-
     tity of a user (pam_sm_authenticate()), which obtains the relevant
     opie(4) credentials.  It provides the user	with an	OPIE challenge,	and
     verifies that this	is correct with	opiechallenge(3).

     The following options may be passed to the	authentication module:

     debug	   syslog(3) debugging information at LOG_DEBUG	level.

     auth_as_self  This	option will require the	user to	authenticate himself
		   as the user given by	getlogin(2), not as the	account	they
		   are attempting to access.  This is primarily	for services
		   like	su(1), where the user's	ability	to retype their	own
		   password might be deemed sufficient.

     no_fake_prompts
		   Do not generate fake	challenges for users who do not	have
		   an OPIE key.	 Note that this	can leak information to	a
		   hypothetical	attacker about who uses	OPIE and who does not,
		   but it can be useful	on systems where some users want to
		   use OPIE but	most do	not.

     Note that pam_opie	ignores	the standard options try_first_pass and
     use_first_pass, since a challenge must be generated before	the user can
     submit a valid response.

FILES
     /etc/opiekeys  default OPIE password database.

SEE ALSO
     passwd(1),	getlogin(2), opiechallenge(3), syslog(3), opie(4),
     pam.conf(5), pam(8)

FreeBSD	10.1			 July 7, 2001			  FreeBSD 10.1

NAME | SYNOPSIS | DESCRIPTION | FILES | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=pam_opie&sektion=8&manpath=FreeBSD+10.1-RELEASE>

home | help