git: 17d3881276 - main - handbook: update for OPIE removal
Date: Sat, 07 Jan 2023 18:30:07 UTC
The branch main has been updated by ceri:
URL: https://cgit.FreeBSD.org/doc/commit/?id=17d3881276393232cceb5b21e96fe61bb92da71a
commit 17d3881276393232cceb5b21e96fe61bb92da71a
Author: Ceri Davies <ceri@FreeBSD.org>
AuthorDate: 2023-01-07 18:29:43 +0000
Commit: Ceri Davies <ceri@FreeBSD.org>
CommitDate: 2023-01-07 18:29:43 +0000
handbook: update for OPIE removal
---
documentation/content/en/books/handbook/security/_index.adoc | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/documentation/content/en/books/handbook/security/_index.adoc b/documentation/content/en/books/handbook/security/_index.adoc
index beae8fc88e..6e8f112f74 100644
--- a/documentation/content/en/books/handbook/security/_index.adoc
+++ b/documentation/content/en/books/handbook/security/_index.adoc
@@ -451,7 +451,16 @@ Some additional settings are documented in man:security[7].
[[one-time-passwords]]
== One-time Passwords
-By default, FreeBSD includes support for One-time Passwords In Everything (OPIE).
+By default, versions of FreeBSD prior to 14.x include support for One-time Passwords In Everything (OPIE).
+
+[NOTE]
+====
+OPIE is no longer considered secure and has been removed from FreeBSD
+-CURRENT; it will not be available from 14.x onwards. If you wish to use
+OPIE on versions of FreeBSD later than 13.x, the package:security/opie[] is
+available, though not recommended.
+====
+
OPIE is designed to prevent replay attacks, in which an attacker discovers a user's password and uses it to access a system.
Since a password is only used once in OPIE, a discovered password is of little use to an attacker.
OPIE uses a secure hash and a challenge/response system to manage passwords.
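
Review bot: The new NOTE states that OPIE "is no longer considered secure", but the unchanged context directly after it still says OPIE "uses a secure hash" and that a discovered password "is of little use to an attacker", so the section now reads as contradicting itself. Consider qualifying those following sentences, or have the NOTE say briefly why OPIE is no longer considered secure and point readers on 14.x to a recommended alternative rather than only to package:security/opie[]. Two smaller points in the same block: the NOTE body is hard-wrapped mid-sentence while the surrounding lines of this file are written one sentence per line, and "from 14.x onwards" and "later than 13.x" describe the same boundary in two different ways, so one phrasing would read more clearly.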