PAM_OPIEACCESS(8) BSD System Manager's Manual PAM_OPIEACCESS(8)NAME
pam_opieaccess — OPIEAccess PAM module
SYNOPSIS
[service-name] module-type control-flag pam_opieaccess [options]
DESCRIPTION
The pam_opieaccess module is used in conjunction with the pam_opie(8) PAM
module to ascertain that authentication can proceed by other means (such
as the pam_unix(8) module) even if OPIE authentication failed. To prop‐
erly use this module, pam_opie(8) should be marked “sufficient”, and
pam_opieaccess should be listed right below it and marked “requisite”.
The pam_opieaccess module provides functionality for only one PAM cate‐
gory: authentication. In terms of the module-type parameter, this is the
“auth” feature. It also provides null functions for the remaining module
types.
OPIEAccess Authentication Module
The authentication component (pam_sm_authenticate()), returns PAM_SUCCESS
in two cases:
1. The user does not have OPIE enabled.
2. The user has OPIE enabled, and the remote host is listed as a
trusted host in /etc/opieaccess, and the user does not have a file
named .opiealways in his home directory.
Otherwise, it returns PAM_AUTH_ERR.
The following options may be passed to the authentication module:
allow_local Normally, local logins are subjected to the same restric‐
tions as remote logins from “localhost”. This option causes
pam_opieaccess to always allow local logins.
debug syslog(3) debugging information at LOG_DEBUG level.
no_warn suppress warning messages to the user. These messages
include reasons why the user's authentication attempt was
declined.
FILES
/etc/opieaccess List of trusted hosts or networks. See opieaccess(5)
for a description of its syntax.
$HOME/.opiealways The presence of this file makes OPIE mandatory for the
user.
SEE ALSOopie(4), opieaccess(5), pam.conf(5), pam(8), pam_opie(8)AUTHORS
The pam_opieaccess module and this manual page were developed for the
FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research Divi‐
sion of Network Associates, Inc. under DARPA/SPAWAR contract
N66001-01-C-8035 (“CBOSS”), as part of the DARPA CHATS research program.
BSD October 26, 2007 BSD