syslog(3) debugging information at LOG_DEBUG level.
This option will require the user to authenticate himself as the user given by getlogin(2), not as the account they are attempting to access. This is primarily for services like su(1), where the users ability to retype their own password might be deemed sufficient.
Do not generate fake challenges for users who do not have an OPIE key. Note that this can leak information to a hypothetical attacker about who uses OPIE and who does not, but it can be useful on systems where some users want to use OPIE but most do not.
Note that pam_opie ignores the standard options try_first_pass and use_first_pass, since a challenge must be generated before the user can submit a valid response.