pam_opie(8)
NAME
pam_opie - OPIE PAM module
SYNOPSIS
[service-name] module-type control-flag pam_opie [options]
DESCRIPTION
- The OPIE authentication service module for PAM, pam_opie
- provides functionality for only one PAM category: that of authentication.
- In terms of
the module-type parameter, this is the ``auth'' feature. It - also provides a null function for session management.
- Note that this module does not enforce opieaccess(5) checks.
- There is a
separate module, pam_opieaccess(8), for this purpose. - OPIE Authentication Module
- The OPIE authentication component provides functions to ver
- ify the identity of a user (pam_sm_authenticate()), which obtains the
- relevant
opie(4) credentials. It provides the user with an OPIE - challenge, and
verifies that this is correct with opiechallenge(3). - The following options may be passed to the authentication
- module:
- debug syslog(3) debugging information at LOG_DE
- BUG level.
- auth_as_self This option will require the user to au
- thenticate him
self as the user given by getlogin(2), notas the
account they are attempting to access.This is primarily for services like su(1), where the user's ability
to retype their own password might bedeemed sufficient. - no_fake_prompts Do not generate fake challenges for users
- who do not
- have an OPIE key. Note that this can leak
- information
to a hypothetical attacker about who uses - OPIE and who
does not, but it can be useful on systems - where some
users want to use OPIE but most do not. - Note that pam_opie ignores the standard options
- try_first_pass and
use_first_pass, since a challenge must be generated before - the user can
submit a valid response.
FILES
/etc/opiekeys default OPIE password database.
SEE ALSO
- passwd(1), getlogin(2), opiechallenge(3), syslog(3),
- opie(4),
pam.conf(5), pam(8) - BSD July 7, 2001