Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
PAM_OPIE(8)             FreeBSD System Manager's Manual            PAM_OPIE(8)

NAME
     pam_opie - OPIE PAM module

SYNOPSIS
     [service-name] module-type control-flag pam_opie [options]

DESCRIPTION
     The OPIE authentication service module for PAM, pam_opie provides
     functionality for only one PAM category: that of authentication.  In
     terms of the module-type parameter, this is the ``auth'' feature.  It
     also provides a null function for session management.

     Note that this module does not enforce opieaccess(5) checks.  There is a
     separate module, pam_opieaccess(8), for this purpose.

   OPIE Authentication Module
     The OPIE authentication component provides functions to verify the
     identity of a user (pam_sm_authenticate()), which obtains the relevant
     opie(4) credentials.  It provides the user with an OPIE challenge, and
     verifies that this is correct with opiechallenge(3).

     The following options may be passed to the authentication module:

     debug             syslog(3) debugging information at LOG_DEBUG level.

     auth_as_self      This option will require the user to authenticate
                       himself as the user given by getlogin(2), not as the
                       account they are attempting to access.  This is
                       primarily for services like su(1), where the user's
                       ability to retype their own password might be deemed
                       sufficient.

     no_fake_prompts   Do not generate fake challenges for users who do not
                       have an OPIE key.  Note that this can leak information
                       to a hypothetical attacker about who uses OPIE and who
                       does not, but it can be useful on systems where some
                       users want to use OPIE but most do not.

     Note that pam_opie ignores the standard options try_first_pass and
     use_first_pass, since a challenge must be generated before the user can
     submit a valid response.

FILES
     /etc/opiekeys      default OPIE password database.

SEE ALSO
     passwd(1), getlogin(2), opiechallenge(3), syslog(3), opie(4),
     pam.conf(5), pam(8)

FreeBSD 11.0-PRERELEASE          July 7, 2001          FreeBSD 11.0-PRERELEASE

NAME | SYNOPSIS | DESCRIPTION | FILES | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=pam_opie&manpath=FreeBSD+9.2-RELEASE>

home | help