1.\" Copyright (c) 2001 Mark R V Murray 2.\" All rights reserved. 3.\" Copyright (c) 2002 Networks Associates Technology, Inc. 4.\" All rights reserved. 5.\" 6.\" Portions of this software were developed for the FreeBSD Project by 7.\" ThinkSec AS and NAI Labs, the Security Research Division of Network 8.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 9.\" ("CBOSS"), as part of the DARPA CHATS research program. 10.\" 11.\" Redistribution and use in source and binary forms, with or without 12.\" modification, are permitted provided that the following conditions 13.\" are met: 14.\" 1. Redistributions of source code must retain the above copyright 15.\" notice, this list of conditions and the following disclaimer. 16.\" 2. Redistributions in binary form must reproduce the above copyright 17.\" notice, this list of conditions and the following disclaimer in the 18.\" documentation and/or other materials provided with the distribution. 19.\" 3. The name of the author may not be used to endorse or promote 20.\" products derived from this software without specific prior written 21.\" permission. 22.\" 23.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 24.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 27.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33.\" SUCH DAMAGE. 34.\" 35.Dd September 15, 2022 36.Dt PAM_OPIEACCESS 8 37.Os 38.Sh NAME 39.Nm pam_opieaccess 40.Nd OPIEAccess PAM module 41.Sh SYNOPSIS 42.Op Ar service-name 43.Ar module-type 44.Ar control-flag 45.Pa pam_opieaccess 46.Op Ar options 47.Sh DEPRECATION NOTICE 48OPIE is deprecated, and may not be available in 49.Fx 14.0 50and later. 51.Sh DESCRIPTION 52The 53.Nm 54module is used in conjunction with the 55.Xr pam_opie 8 56PAM module to ascertain that authentication can proceed by other means 57(such as the 58.Xr pam_unix 8 59module) even if OPIE authentication failed. 60To properly use this module, 61.Xr pam_opie 8 62should be marked 63.Dq Li sufficient , 64and 65.Nm 66should be listed right below it and marked 67.Dq Li requisite . 68.Pp 69The 70.Nm 71module provides functionality for only one PAM category: 72authentication. 73In terms of the 74.Ar module-type 75parameter, this is the 76.Dq Li auth 77feature. 78It also provides null functions for the remaining module types. 79.Ss OPIEAccess Authentication Module 80The authentication component 81.Pq Fn pam_sm_authenticate , 82returns 83.Dv PAM_SUCCESS 84in two cases: 85.Bl -enum 86.It 87The user does not have OPIE enabled. 88.It 89The user has OPIE enabled, and the remote host is listed as a trusted 90host in 91.Pa /etc/opieaccess , 92and the user does not have a file named 93.Pa \&.opiealways 94in his home directory. 95.El 96.Pp 97Otherwise, it returns 98.Dv PAM_AUTH_ERR . 99.Pp 100The following options may be passed to the authentication module: 101.Bl -tag -width ".Cm allow_local" 102.It Cm allow_local 103Normally, local logins are subjected to the same restrictions as 104remote logins from 105.Dq localhost . 106This option causes 107.Nm 108to always allow local logins. 109.It Cm debug 110.Xr syslog 3 111debugging information at 112.Dv LOG_DEBUG 113level. 114.It Cm no_warn 115suppress warning messages to the user. 116These messages include reasons why the user's authentication attempt 117was declined. 118.El 119.Sh FILES 120.Bl -tag -width ".Pa $HOME/.opiealways" 121.It Pa /etc/opieaccess 122List of trusted hosts or networks. 123See 124.Xr opieaccess 5 125for a description of its syntax. 126.It Pa $HOME/.opiealways 127The presence of this file makes OPIE mandatory for the user. 128.El 129.Sh SEE ALSO 130.Xr opie 4 , 131.Xr opieaccess 5 , 132.Xr pam.conf 5 , 133.Xr pam 8 , 134.Xr pam_opie 8 135.Sh AUTHORS 136The 137.Nm 138module and this manual page were developed for the 139.Fx 140Project by 141ThinkSec AS and NAI Labs, the Security Research Division of Network 142Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 143.Pq Dq CBOSS , 144as part of the DARPA CHATS research program. 145