search for: pam_opieaccess

...a 'requisite' module fails. I find this strange as the pam 'requisite' is defined in the man pages as: requisite - failure of such a PAM results in the immediate termination of the authentication process; Here is what I did. I've setup opie for my account. I've configured pam_opieaccess (/etc/opieaccess) to allow my home network to use static passwords: permit 10.0.0.0 255.255.255.0 And in /etc/pam.conf I added: sshd auth required pam_opie.so sshd auth requisite pam_opieaccess.so sshd auth required /usr/lib/pam_krb5.so.1 try_first_pass forwa...

...nyone could help me with this problem it would be greatly appreciated!!! Thanks, Jeff Meyer The smb.conf and pam.conf files that I am using are below. pam.conf login auth sufficient pam_skey.so login auth sufficient pam_opie.so no_fake_prompts #login auth required pam_opieaccess.so login auth requisite pam_cleartext_pass_ok.so #login auth sufficient pam_kerberosIV.so try_first_pass #login auth sufficient pam_krb5.so try_first_pass login auth required pam_unix.so try_first_pass login account required pam_unix.so login pass...

...yes printable = no writeable = yes Pam.conf auth required pam_nologin.so no_warn auth sufficient pam_winbind.so auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass # account #account re...

...the /etc/pam.conf file like this (settings for ssh) : sshd auth sufficient pam_skey.so sshd auth sufficient pam_opie.so no_fake_prompts #this line is added by me sshd auth sufficient /usr/local/lib/pam_winbind.so #sshd auth requisite pam_opieaccess.so #sshd auth sufficient pam_kerberosIV.so try_first_pass #sshd auth sufficient pam_krb5.so try_first_pass sshd auth required pam_unix.so try_first_pass sshd account required pam_unix.so #this line is a...

...elete user from group script = /usr/sbin/deluser %u %g delete group script = /usr/sbin/pw groupdel %g and here is my PAM stack for /etc/pam.d/system # System-wide defaults # # auth auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient pam_winbind.so try_first_pass #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_unix....

...es read only = No browseable = No Here's the /etc/pam.d/system file: # # $FreeBSD: src/etc/pam.d/system,v 1.1.32.1.4.1 2010/06/14 02:09:06 kensmith Exp $ # # System-wide defaults # # auth auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient /usr/local/lib/pam_winbind.so mkhomedir=yes #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_unix.so no_warn try_first...

...s hosts: files dns networks: files passwd: files winbind passwd_compat: nis shells: files services: compat services_compat: nis protocols: files rpc: files # more /etc/pam.d/sshd # auth auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient /usr/local/lib/pam_winbind.so try_first_pass #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth required pam...

...has been discussed on this list previously: http://www.gossamer-threads.com/lists/openssh/dev/47179?search_string=match%20challengeresponseauthentication;#47179 More specifically, I would like to allow PAM authentication from the Internet only for users which I know use OPIE (that's because pam_opieaccess isn't flexible enough for this). That would be something like this: ChallengeResponseAuthentication no Match Address 10.0.0.0/8 ChallengeResponseAuthentication yes Match User miguel ChallengeResponseAuthentication yes However, ChallengeResponseAuthentication can't be used within Matc...

...s file, is this normal? Hi, Here is the content of /etc/pamd/ssh, it's actually the default, I didn't change it. auth required pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth required pam_unix.so no_warn try_first_pass account required pam_unix.so session required pam_permit.so password required pam_unix.so no_warn try_first_pass ? just want to point...

...appreciated. Regards, Mike # /etc/pam.d/sshd auth sufficient /usr/local/samba/lib/security/pam_winbind.so auth sufficient pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient pam_unix.so no_warn try_first_pass account sufficient /usr/local/samba/lib/security/pam_winbind.so account required pam_unix.so session required pam_permit.so password required...

...dns winbind networks: files passwd: compat winbind passwd_compat: nis shells: files and finally my /etc/pam.d/sshd # auth auth required pam_nologin.so no_warn #auth sufficient pam_opie.so no_warn no_fake_prompts #auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass #auth required pam_unix.so no_warn try_first_pass #tfa auth sufficient...

...dns winbind networks: files passwd: compat winbind passwd_compat: nis shells: files and finally my /etc/pam.d/sshd # auth auth required pam_nologin.so no_warn #auth sufficient pam_opie.so no_warn no_fake_prompts #auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass #auth required pam_unix.so no_warn try_first_pass #tfa auth sufficient...

...********copy end*********************** /etc/pam.d/system ****************copy start************************* # auth auth sufficient /usr/lib/pam_winbind.so try_first_pass auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass nullok # account account...

...? Note, that Blake is a Windows 2000 server... Another change I did was modifying the /etc/pam.d/system to make both unix and krb5 sufficient: --- /usr/src/etc/pam.d/system Sat Jun 14 08:35:05 2003 +++ /etc/pam.d/system Fri Jan 28 20:29:06 2005 @@ -9,5 +9,5 @@ auth requisite pam_opieaccess.so no_warn allow_local -#auth sufficient pam_krb5.so no_warn try_first_pass +auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass -auth required p...

...security = domain And your /etc/pam.d/sshd should look like this: # auth auth sufficient pam_winbind.so auth sufficient pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient pam_unix.so no_warn try_first_pass account sufficient pam_winbind.so account required pam_unix.so session required pam_permit.so password required pam_unix.so no_w...

...ried /usr/lib/compat too, but that shouldn't matter. I edited {pam.conf,pam.d/ftpd} to create entries for my FTP server, that looked like: auth required pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient pam_winbind.so debug try_first_pass auth required pam_unix.so no_warn try_first_pass account sufficient pam_winbind.so debug account required pam_unix.so session required pam_permit....

...ill dovecot-auth: in openpam_load_module(): no pam_nologin.so found Sep 2 08:25:10 hill dovecot-auth: in openpam_load_module(): no pam_unix.so found Sep 2 08:25:11 hill dovecot-auth: in openpam_load_module(): no pam_unix.so found Sep 2 08:25:20 hill dovecot-auth: in openpam_load_module(): no pam_opieaccess.so found Sep 2 08:25:20 hill dovecot-auth: in openpam_load_module(): no pam_opie.so found Sep 2 08:25:51 hill kernel: Sep 2 08:25:51 hill last message repeated 12 times Sep 2 08:27:52 hill kernel: Sep 2 08:27:52 hill last message repeated 37 times Sep 2 08:38:01 hill kernel: Sep 2 08:38:0...

...configuration for the "sshd" service # # auth #sshd auth required pam_radius.so -update -/usr/local/etc/radius #auth required pam_nologin.so no_warn #auth sufficient pam_opie.so no_warn no_fake_prompts #auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass #auth required pam_unix.so no_warn try_first_pass # account #account req...

Hi, I'm trying to setup one-time passwords on freebsd5.2.1 >From what I've read so far, if the user is present in opiekeys, the opieaccess file determines if the user (coming from a specific host or network) is allowed to use his unix password from this specific network. As my opieaccess file is empty and the default rule (as mentionned in the man file) is deny, I should not be

...pam.d/sshd # # $FreeBSD: releng/9.0/etc/pam.d/sshd 197769 2009-10-05 09:28:54Z des $ # # PAM configuration for the "sshd" service # # auth auth sufficient pam_opie.so no_warn no_fake_prompts auth sufficient /usr/local/lib/pam_winbind.so auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass #auth sufficient /usr/local/lib/pam_winbind.so auth required pam_unix.so no_warn try_first_pass # account account sufficie...