From 2de07ddf809f3a6c528e3649a37601574defc6fa Mon Sep 17 00:00:00 2001 From: des Date: Mon, 21 Jan 2002 18:51:24 +0000 Subject: Enable OPIE by default, using the no_fake_prompts option to hide it from users who don't wish to use it. If the admin is worried about leaking information about which users exist and which have OPIE enabled, the no_fake_prompts option can simply be removed. Also insert the appropriate pam_opieaccess lines after pam_opie to break the chain in case the user is logging in from an untrusted host, or has a .opiealways file. The entire opieaccess / opiealways concept is slightly unpammish, but admins familiar with OPIE will expect it to work. Reviewed by: ache, markm Sponsored by: DARPA, NAI Labs --- etc/pam.d/pop3 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'etc/pam.d/pop3') diff --git a/etc/pam.d/pop3 b/etc/pam.d/pop3 index 0cc10fb..3657f12 100644 --- a/etc/pam.d/pop3 +++ b/etc/pam.d/pop3 @@ -6,6 +6,7 @@ # auth #auth required pam_nologin.so no_warn -#auth required pam_opie.so no_warn +#auth sufficient pam_opie.so no_warn no_fake_prompts +#auth requisite pam_opieaccess.so no_warn #auth required pam_ssh.so no_warn try_first_pass #auth required pam_unix.so no_warn try_first_pass -- cgit v1.1