From 2de07ddf809f3a6c528e3649a37601574defc6fa Mon Sep 17 00:00:00 2001
From: des <des@FreeBSD.org>
Date: Mon, 21 Jan 2002 18:51:24 +0000
Subject: Enable OPIE by default, using the no_fake_prompts option to hide it
 from users who don't wish to use it.  If the admin is worried about leaking
 information about which users exist and which have OPIE enabled, the
 no_fake_prompts option can simply be removed.

Also insert the appropriate pam_opieaccess lines after pam_opie to break
the chain in case the user is logging in from an untrusted host, or has a
.opiealways file.  The entire opieaccess / opiealways concept is slightly
unpammish, but admins familiar with OPIE will expect it to work.

Reviewed by:	ache, markm
Sponsored by:	DARPA, NAI Labs
---
 etc/pam.d/other | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'etc/pam.d/other')

diff --git a/etc/pam.d/other b/etc/pam.d/other
index f4f758c..8ef6774 100644
--- a/etc/pam.d/other
+++ b/etc/pam.d/other
@@ -6,7 +6,8 @@
 
 # auth
 auth		required	pam_nologin.so	no_warn
-#auth		required	pam_opie.so	no_warn
+auth		sufficient	pam_opie.so	no_warn no_fake_prompts
+auth		requisite	pam_opieaccess.so	no_warn
 auth		required	pam_unix.so	no_warn try_first_pass
 
 # account
-- 
cgit v1.1