Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
PAMOTPW(8)		    System Manager's Manual		    PAMOTPW(8)

NAME
       pam_otpw	- verify one-time passwords

SYNOPSIS
       pam_otpw	[ arguments ]

DESCRIPTION
       OTPW  is	a one-time password authentication system. It compares entered
       passwords with hash values stored in the	user's home directory  in  the
       file ~/.otpw.  Once a password was entered correctly, its hash value in
       ~/.otpw will be overwritten with	hyphens, which disables	its use	in fu-
       ture  authentication.  A	 lock file ~/.otpw.lock	prevents that the same
       password	challenge is issued on several concurrent authentication  ses-
       sions.  This  helps  to prevent an eavesdropper from copying a one-time
       password	as it is entered instantly into	a second session, in the  hope
       to  get	access	by sending the final newline character faster than the
       user could.

       Both an authentication management and a session management function are
       offered	by this	module.	The authentication function asks for and veri-
       fies one-time passwords.	The session function prints  a	message	 after
       login  that  reminds the	user of	the remaining number of	one-time pass-
       words.

ARGUMENTS
       debug  Turn on debugging	via syslog(3).

       nolock Disable locking. This option tells the  authentication  function
	      of pam_otpw.so to	ignore any existing ~/.otpw.lock lock file and
	      not to generate any. With	this option,  pam_otpw.so  will	 never
	      ask for several passwords	simultaneously.

PSEUDO-USER INSTALLATION
       If  a system pseudo user	aotpwa exists in the user database (with UID <
       1000), then the password	hash files will	not be stored  in  the	user's
       home directory. Instead of looking for ~john/.otpw.lock the file	has to
       be located in the home directory	of the	pseudo	user  aotpwa,  and  be
       named  after  the user (e.g. a/var/lib/otpw/johna). It will be accessed
       with the	effective UID and GID of that pseudo user.

AUTHOR
       The OTPW	package, which includes	the otpw-gen progam, has  been	devel-
       oped  by	 Markus	 Kuhn.	The  most  recent  version  is	available from
       <http://www.cl.cam.ac.uk/~mgk25/otpw.html>.

SEE ALSO
       otpw-gen(1), pam(8)

				  2014-08-07			    PAMOTPW(8)

NAME | SYNOPSIS | DESCRIPTION | ARGUMENTS | PSEUDO-USER INSTALLATION | AUTHOR | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=pam_otpw&sektion=8&manpath=FreeBSD+13.0-RELEASE+and+Ports>

home | help