5 messages in org.freebsd.freebsd-securityFW: Opieaccess file, is this normal?| From | Sent On | Attachments |
|---|---|---|
| Didier Wiroth | Jun 22, 2004 3:56 pm | |
| Erick Mechler | Jun 22, 2004 4:34 pm | |
| Didier Wiroth | Jun 24, 2004 7:05 am | |
| Didier Wiroth | Jun 24, 2004 7:37 am | |
| Jilles Tjoelker | Jun 24, 2004 1:59 pm |
| Subject: | FW: Opieaccess file, is this normal? | |
|---|---|---|
| From: | Didier Wiroth (didi...@mcesr.etat.lu) | |
| Date: | Jun 24, 2004 7:37:44 am | |
| List: | org.freebsd.freebsd-security | |
Hmm,
I thought using .opiealways would be the solution see: http://www.onlamp.com/pub/a/bsd/2003/02/20/FreeBSD_Basics.html Or http://people.freebsd.org/~des/diary/2002.html
But I can still login with the standard password even if the opieaccess file is empty.
-----Original Message----- From: owne...@freebsd.org [mailto:owne...@freebsd.org] On Behalf Of Didier Wiroth Sent: Thursday, June 24, 2004 09:06 To: free...@freebsd.org Subject: RE: Opieaccess file, is this normal?
Hi,
Here is the content of /etc/pamd/ssh, it's actually the default, I didn't change it.
auth required pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth required pam_unix.so no_warn try_first_pass account required pam_unix.so session required pam_permit.so password required pam_unix.so no_warn try_first_pass
? just want to point out the I want to keep "unix password authentication" for the users whose host or network are in opieaccess. "Unix password authenication" should be disabled for all users present in opiekeys and whose hosts or network is not present in opieaccess.