Opieaccess file, is this normal?
    Erick Mechler 
    emechler at techometer.net
       
    Tue Jun 22 09:34:28 PDT 2004
    
    
  
:: >From what I've read so far, if the user is present in opiekeys, the
:: opieaccess file determines if the user (coming from a specific host or
:: network) is allowed to use his unix password from this specific network. 
:: 
:: As my opieaccess file is empty and the default rule (as mentionned in the
:: man file) is deny, I should not be able to get an ssh shell with my standard
:: unix password.
OpenSSH on FreeBSD is PAM-enabled if ChallengeResponseAuthentication is set
to yes:
     ChallengeResponseAuthentication
             Specifies whether challenge-response authentication is allowed.
             Specifically, in FreeBSD, this controls the use of PAM (see
             pam(3)) for authentication.  Note that this affects the effec-
             tiveness of the PasswordAuthentication and PermitRootLogin vari-
             ables.  The default is ``yes''.
Does your /etc/pam.conf disble password authentication?
Cheers - Erick
    
    
More information about the freebsd-security
mailing list