Manual Pages  — PAM_OPIEACCESS

pam_opieaccess – OPIEAccess PAM module

SYNOPSIS DEPRECATION NOTICE DESCRIPTION OPIEAccess Authentication Module FILES SEE ALSO AUTHORS

[service-name] module-type control-flag pam_opieaccess [options]

OPIE is deprecated, and may not be available in FreeBSD 14.0 and later.

The authentication component (pam_sm_authenticate()), returns PAM_SUCCESS in two cases:

1. The user does not have OPIE enabled.
2. The user has OPIE enabled, and the remote host is listed as a trusted host in /etc/opieaccess, and the user does not have a file named amp;.opiealways in his home directory.

Otherwise, it returns PAM_AUTH_ERR.

The following options may be passed to the authentication module:

allow_local
	Normally, local logins are subjected to the same restrictions as remote logins from "localhost". This option causes pam_opieaccess to always allow local logins.
debug	syslog(3) debugging information at LOG_DEBUG level.
no_warn	suppress warning messages to the user. These messages include reasons why the user's authentication attempt was declined.

/etc/opieaccess	List of trusted hosts or networks. See opieaccess(5) for a description of its syntax.
$HOME/.opiealways
	The presence of this file makes OPIE mandatory for the user.

The pam_opieaccess module and this manual page were developed for the FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research Division of Network Associates, Inc.amp; under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research program.