mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-20 23:54:38 +01:00
ae739ec469
users who don't wish to use it. If the admin is worried about leaking information about which users exist and which have OPIE enabled, the no_fake_prompts option can simply be removed. Also insert the appropriate pam_opieaccess lines after pam_opie to break the chain in case the user is logging in from an untrusted host, or has a .opiealways file. The entire opieaccess / opiealways concept is slightly unpammish, but admins familiar with OPIE will expect it to work. Reviewed by: ache, markm Sponsored by: DARPA, NAI Labs
13 lines
306 B
Plaintext
13 lines
306 B
Plaintext
#
|
|
# $FreeBSD$
|
|
#
|
|
# PAM configuration for the "imap" service
|
|
#
|
|
|
|
# auth
|
|
#auth required pam_nologin.so no_warn
|
|
#auth sufficient pam_opie.so no_warn no_fake_prompts
|
|
#auth requisite pam_opieaccess.so no_warn
|
|
#auth required pam_ssh.so no_warn try_first_pass
|
|
#auth required pam_unix.so no_warn try_first_pass
|