Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   9747 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

PAM_OPIEACCESS(8)	  BSD System Manager's Manual	     PAM_OPIEACCESS(8)

NAME
     pam_opieaccess — OPIEAccess PAM module

SYNOPSIS
     [service-name] module-type control-flag pam_opieaccess [options]

DESCRIPTION
     The pam_opieaccess module is used in conjunction with the pam_opie(8) PAM
     module to ascertain that authentication can proceed by other means (such
     as the pam_unix(8) module) even if OPIE authentication failed.  To prop‐
     erly use this module, pam_opie(8) should be marked “sufficient”, and
     pam_opieaccess should be listed right below it and marked “requisite”.

     The pam_opieaccess module provides functionality for only one PAM cate‐
     gory: authentication.  In terms of the module-type parameter, this is the
     “auth” feature.  It also provides null functions for the remaining module
     types.

   OPIEAccess Authentication Module
     The authentication component (pam_sm_authenticate()), returns PAM_SUCCESS
     in two cases:

     1.	  The user does not have OPIE enabled.

     2.	  The user has OPIE enabled, and the remote host is listed as a
	  trusted host in /etc/opieaccess, and the user does not have a file
	  named .opiealways in his home directory.

     Otherwise, it returns PAM_AUTH_ERR.

     The following options may be passed to the authentication module:

     allow_local  Normally, local logins are subjected to the same restric‐
		  tions as remote logins from “localhost”.  This option causes
		  pam_opieaccess to always allow local logins.

     debug	  syslog(3) debugging information at LOG_DEBUG level.

     no_warn	  suppress warning messages to the user.  These messages
		  include reasons why the user's authentication attempt was
		  declined.

FILES
     /etc/opieaccess	List of trusted hosts or networks.  See opieaccess(5)
			for a description of its syntax.

     $HOME/.opiealways	The presence of this file makes OPIE mandatory for the
			user.

SEE ALSO
     opie(4), opieaccess(5), pam.conf(5), pam(8), pam_opie(8)

AUTHORS
     The pam_opieaccess module and this manual page were developed for the
     FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research Divi‐
     sion of Network Associates, Inc. under DARPA/SPAWAR contract
     N66001-01-C-8035 (“CBOSS”), as part of the DARPA CHATS research program.

BSD			       October 26, 2007				   BSD

Vote for polarhome