Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 7 Jan 2023 18:30:07 GMT
From:      Ceri Davies <ceri@FreeBSD.org>
To:        doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org
Subject:   git: 17d3881276 - main - handbook: update for OPIE removal
Message-ID:  <202301071830.307IU7NB001975@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by ceri:

URL: https://cgit.FreeBSD.org/doc/commit/?id=17d3881276393232cceb5b21e96fe61bb92da71a

commit 17d3881276393232cceb5b21e96fe61bb92da71a
Author:     Ceri Davies <ceri@FreeBSD.org>
AuthorDate: 2023-01-07 18:29:43 +0000
Commit:     Ceri Davies <ceri@FreeBSD.org>
CommitDate: 2023-01-07 18:29:43 +0000

    handbook: update for OPIE removal
---
 documentation/content/en/books/handbook/security/_index.adoc | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/documentation/content/en/books/handbook/security/_index.adoc b/documentation/content/en/books/handbook/security/_index.adoc
index beae8fc88e..6e8f112f74 100644
--- a/documentation/content/en/books/handbook/security/_index.adoc
+++ b/documentation/content/en/books/handbook/security/_index.adoc
@@ -451,7 +451,16 @@ Some additional settings are documented in man:security[7].
 [[one-time-passwords]]
 == One-time Passwords
 
-By default, FreeBSD includes support for One-time Passwords In Everything (OPIE).
+By default, versions of FreeBSD prior to 14.x include support for One-time Passwords In Everything (OPIE).
+
+[NOTE]
+====
+OPIE is no longer considered secure and has been removed from FreeBSD
+-CURRENT; it will not be available from 14.x onwards. If you wish to use
+OPIE on versions of FreeBSD later than 13.x, the package:security/opie[] is
+available, though not recommended.
+====
+
 OPIE is designed to prevent replay attacks, in which an attacker discovers a user's password and uses it to access a system.
 Since a password is only used once in OPIE, a discovered password is of little use to an attacker.
 OPIE uses a secure hash and a challenge/response system to manage passwords.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202301071830.307IU7NB001975>