freebsd security - Jun 2004 - FW: Opieaccess file, is this normal?

Hmm, 

I thought using .opiealways would be the solution see:
http://www.onlamp.com/pub/a/bsd/2003/02/20/FreeBSD_Basics.html
Or
http://people.freebsd.org/~des/diary/2002.html

But I can still login with the standard password even if the opieaccess file
is empty.

-----Original Message-----
From: owner-freebsd-security@freebsd.org
[mailto:owner-freebsd-security@freebsd.org] On Behalf Of Didier Wiroth
Sent: Thursday, June 24, 2004 09:06
To: freebsd-security@freebsd.org
Subject: RE: Opieaccess file, is this normal?

Hi,

Here is the content of /etc/pamd/ssh, it's actually the default, I
didn't
change it.

auth            required        pam_nologin.so          no_warn
auth            sufficient      pam_opie.so             no_warn
no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
auth            required        pam_unix.so             no_warn
try_first_pass
account         required        pam_unix.so
session         required        pam_permit.so
password        required        pam_unix.so             no_warn
try_first_pass

? just want to point out the I want to keep "unix password
authentication"
for the users whose host or network are in opieaccess. "Unix password
authenication" should be disabled for all users present in opiekeys and
whose hosts or network is not present in opieaccess.