Date: Thu, 24 Jun 2004 09:37:39 +0200 From: Didier Wiroth <didier.wiroth@mcesr.etat.lu> To: freebsd-security@freebsd.org Subject: FW: Opieaccess file, is this normal? Message-ID: <0HZS00158YISVY@mail.etat.lu>
index | next in thread | raw e-mail
Hmm, I thought using .opiealways would be the solution see: http://www.onlamp.com/pub/a/bsd/2003/02/20/FreeBSD_Basics.html Or http://people.freebsd.org/~des/diary/2002.html But I can still login with the standard password even if the opieaccess file is empty. -----Original Message----- From: owner-freebsd-security@freebsd.org [mailto:owner-freebsd-security@freebsd.org] On Behalf Of Didier Wiroth Sent: Thursday, June 24, 2004 09:06 To: freebsd-security@freebsd.org Subject: RE: Opieaccess file, is this normal? Hi, Here is the content of /etc/pamd/ssh, it's actually the default, I didn't change it. auth required pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth required pam_unix.so no_warn try_first_pass account required pam_unix.so session required pam_permit.so password required pam_unix.so no_warn try_first_pass Î just want to point out the I want to keep "unix password authentication" for the users whose host or network are in opieaccess. "Unix password authenication" should be disabled for all users present in opiekeys and whose hosts or network is not present in opieaccess.help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0HZS00158YISVY>