search for: opiealways

Hmm, I thought using .opiealways would be the solution see: http://www.onlamp.com/pub/a/bsd/2003/02/20/FreeBSD_Basics.html Or http://people.freebsd.org/~des/diary/2002.html But I can still login with the standard password even if the opieaccess file is empty. -----Original Message----- From: owner-freebsd-security@freebsd.org [m...

...supposed to send a PAM_SUCCESS under the following conditions: <from the man page of pam_opieaccess> 1. The user does not have OPIE enabled 2. The user has OPIE enabled, and the remote host is listed as a trusted host in /etc/opieaccess, and the user does not have a file named opiealways in his home directory. </from the man page of pam_opieaccess> I read this as: If pam_opieaccess fails it returns PAM_AUTH_ERR and the authentication process should stop. However when it impent this sshd or the pam library does not take the PAM_AUTH_ERR and stop the authentication process b...