:man| Alphabetical   Categories   About us 
PAM_OPIEACCESS (8) | System administration commands and daemons | Unix Manual Pages | :man


pam_opieaccess - OPIEAccess PAM module


OPIEAccess Authentication Module
See Also


[service-name] module-type control-flag pam_opieaccess [options]


The pam_opieaccess module is used in conjunction with the pam_opie(8) PAM module to ascertain that authentication can proceed by other means (such as the pam_unix(8) module) even if OPIE authentication failed. To properly use this module, pam_opie(8) should be marked "sufficient", and pam_opieaccess should be listed right below it and marked "requisite".

The pam_opieaccess module provides functionality for only one PAM category: authentication. In terms of the module-type parameter, this is the "auth" feature. It also provides null functions for the remaining module types.

OPIEAccess Authentication Module

The authentication component (pam_sm_authenticate), returns PAM_SUCCESS in two cases:
  1. The user does not have OPIE enabled.
  2. The user has OPIE enabled, and the remote host is listed as a trusted host in /etc/opieaccess, and the user does not have a file named opiealways in his home directory.

Otherwise, it returns PAM_AUTH_ERR.

The following options may be passed to the authentication module:

allow_local Normally, local logins are subjected to the same restrictions as remote logins from "localhost". This option causes pam_opieaccess to always allow local logins.
debug syslog(3) debugging information at LOG_DEBUG level.
no_warn suppress warning messages to the user. These messages include reasons why the user’s authentication attempt was declined.


/etc/opieaccess List of trusted hosts or networks. See opieaccess(5) for a description of its syntax.


opie(4), opieaccess(5), pam.conf(5), pam(8), pam_opie(8)


Created by Blin Media, 2008-2013