FW: Opieaccess file, is this normal?
Didier Wiroth
didier.wiroth at mcesr.etat.lu
Thu Jun 24 00:38:01 PDT 2004
Hmm,
I thought using .opiealways would be the solution see:
http://www.onlamp.com/pub/a/bsd/2003/02/20/FreeBSD_Basics.html
Or
http://people.freebsd.org/~des/diary/2002.html
But I can still login with the standard password even if the opieaccess file
is empty.
-----Original Message-----
From: owner-freebsd-security at freebsd.org
[mailto:owner-freebsd-security at freebsd.org] On Behalf Of Didier Wiroth
Sent: Thursday, June 24, 2004 09:06
To: freebsd-security at freebsd.org
Subject: RE: Opieaccess file, is this normal?
Hi,
Here is the content of /etc/pamd/ssh, it's actually the default, I didn't
change it.
auth required pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn
no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth required pam_unix.so no_warn
try_first_pass
account required pam_unix.so
session required pam_permit.so
password required pam_unix.so no_warn
try_first_pass
Î just want to point out the I want to keep "unix password authentication"
for the users whose host or network are in opieaccess. "Unix password
authenication" should be disabled for all users present in opiekeys and
whose hosts or network is not present in opieaccess.
More information about the freebsd-security
mailing list