Date: Thu, 24 Jun 2004 09:37:39 +0200 From: Didier Wiroth <didier.wiroth@mcesr.etat.lu> To: freebsd-security@freebsd.org Subject: FW: Opieaccess file, is this normal? Message-ID: <0HZS00158YISVY@mail.etat.lu>
next in thread | raw e-mail | index | archive | help
Hmm,=20 I thought using .opiealways would be the solution see: http://www.onlamp.com/pub/a/bsd/2003/02/20/FreeBSD_Basics.html Or http://people.freebsd.org/~des/diary/2002.html But I can still login with the standard password even if the opieacce= ss file is empty. -----Original Message----- =46rom: owner-freebsd-security@freebsd.org [mailto:owner-freebsd-security@freebsd.org] On Behalf Of Didier Wirot= h Sent: Thursday, June 24, 2004 09:06 To: freebsd-security@freebsd.org Subject: RE: Opieaccess file, is this normal? Hi, Here is the content of /etc/pamd/ssh, it's actually the default, I di= dn't change it. auth required pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow= _local auth required pam_unix.so no_warn try_first_pass account required pam_unix.so session required pam_permit.so password required pam_unix.so no_warn try_first_pass =CE just want to point out the I want to keep "unix password authenti= cation" for the users whose host or network are in opieaccess. "Unix password authenication" should be disabled for all users present in opiekeys a= nd whose hosts or network is not present in opieaccess.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0HZS00158YISVY>