Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
PAM_OPIEACCESS(8)       FreeBSD System Manager's Manual      PAM_OPIEACCESS(8)

NAME
     pam_opieaccess - OPIEAccess PAM module

SYNOPSIS
     [service-name] module-type control-flag pam_opieaccess [options]

DESCRIPTION
     The pam_opieaccess module is used in conjunction with the pam_opie(8) PAM
     module to ascertain that authentication can proceed by other means (such
     as the pam_unix(8) module) even if OPIE authentication failed.  To
     properly use this module, pam_opie(8) should be marked ``sufficient'',
     and pam_opieaccess should be listed right below it and marked
     ``requisite''.

     The pam_opieaccess module provides functionality for only one PAM
     category: authentication.  In terms of the module-type parameter, this is
     the ``auth'' feature.  It also provides null functions for the remaining
     module types.

   OPIEAccess Authentication Module
     The authentication component (pam_sm_authenticate()), returns PAM_SUCCESS
     in two cases:

     1.   The user does not have OPIE enabled.

     2.   The user has OPIE enabled, and the remote host is listed as a
          trusted host in /etc/opieaccess, and the user does not have a file
          named .opiealways in his home directory.

     Otherwise, it returns PAM_AUTH_ERR.

     The following options may be passed to the authentication module:

     allow_local      Normally, local logins are subjected to the same
                      restrictions as remote logins from ``localhost''.  This
                      option causes pam_opieaccess to always allow local
                      logins.

     debug            syslog(3) debugging information at LOG_DEBUG level.

     no_warn          suppress warning messages to the user.  These messages
                      include reasons why the user's authentication attempt
                      was declined.

FILES
     /etc/opieaccess        List of trusted hosts or networks.  See
                            opieaccess(5) for a description of its syntax.

     $HOME/.opiealways      The presence of this file makes OPIE mandatory for
                            the user.

SEE ALSO
     opie(4), opieaccess(5), pam.conf(5), pam(8), pam_opie(8)

AUTHORS
     The pam_opieaccess module and this manual page were developed for the
     FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research
     Division of Network Associates, Inc. under DARPA/SPAWAR contract
     N66001-01-C-8035 (``CBOSS''), as part of the DARPA CHATS research
     program.

FreeBSD 11.0-PRERELEASE        October 26, 2007        FreeBSD 11.0-PRERELEASE

NAME | SYNOPSIS | DESCRIPTION | FILES | SEE ALSO | AUTHORS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=pam_opieaccess&sektion=8&manpath=FreeBSD+10.0-RELEASE>

home | help