opieaccess man page on FreeBSD


OPIEACCESS(5)				       OPIEACCESS(5)

NAME
       /etc/opieaccess - OPIE database of trusted networks

DESCRIPTION
       The opieaccess file contains a list of networks that are
       considered trusted by the system as far as security against
       passive attacks is concerned. Users from networks so trusted
       will be able to log in using OPIE responses, but not be
       required to do so, while users from networks that are not
       trusted will always be required to use OPIE responses (the
       default behavior). This trust allows a site to have a more
       gentle migration to OPIE by allowing it to be non-mandatory
       for "inside" networks while allowing users to choose whether
       they wish to use OPIE to protect their passwords or not.

       The entire notion of trust implemented in the opieaccess
       file is a major security hole because it opens your system
       back up to the same passive attacks that the OPIE system is
       designed to protect you against. The opieaccess support in
       this version of OPIE exists solely because we believe that
       it is better to have it so that users who don't want their
       accounts broken into can use OPIE than to have them
       prevented from doing so by users who don't want to use OPIE.
       In any environment, it should be considered a transition
       tool and not a permanent fixture. When it is not being used
       as a transition tool, OPIE should be built without support
       for the opieaccess file, to prevent the possibility of an
       attacker using this file as a means to circumvent the OPIE
       software.

       The opieaccess file consists of lines containing three
       fields separated by spaces (tabs are properly interpreted,
       but spaces should be used instead) as follows:

       Field        Description
       action       "permit" or "deny" non-OPIE logins
       address      Address of the network to match
       mask         Mask of the network to match

       Subnets can be controlled by using the appropriate address
       and mask. Individual hosts can be controlled by using the
       appropriate address and a mask of 255.255.255.255. If no
       rules are matched, the default is to deny non-OPIE logins.
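
       The following audit sketch is an added example, not part of
       the original man page or of the OPIE sources. It parses the
       three-field format above, lists every "permit" rule with the
       number of addresses it exempts from OPIE, and evaluates a
       client address. Assumptions: the first matching rule decides,
       and blank lines and lines starting with "#" are skipped; the
       sample rules are constructed.

```python
import ipaddress

# Constructed sample file contents (documentation address ranges).
SAMPLE = """\
deny 192.0.2.66 255.255.255.255
permit 192.0.2.0 255.255.255.0
permit 198.51.100.7 255.255.255.255
"""

def parse_opieaccess(text):
    """Return a list of (action, network, mask, lineno) with integer addresses."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()  # spaces or tabs separate the three fields
        if not fields or fields[0].startswith("#"):  # assumption: skipped
            continue
        if len(fields) != 3 or fields[0] not in ("permit", "deny"):
            raise ValueError(f"line {lineno}: expected 'permit|deny address mask'")
        addr = int(ipaddress.IPv4Address(fields[1]))
        mask = int(ipaddress.IPv4Address(fields[2]))
        rules.append((fields[0], addr & mask, mask, lineno))
    return rules

def non_opie_login_allowed(rules, client):
    """True if `client` may log in without an OPIE response."""
    ip = int(ipaddress.IPv4Address(client))
    for action, net, mask, _ in rules:
        if (ip & mask) == net:  # assumption: first matching rule decides
            return action == "permit"
    return False  # documented default: deny non-OPIE logins

def audit(rules):
    """List (lineno, network, address_count) for every permit rule."""
    findings = []
    for action, net, mask, lineno in rules:
        if action == "permit":
            # Each zero bit in the mask doubles the number of trusted addresses.
            count = 2 ** bin(~mask & 0xFFFFFFFF).count("1")
            findings.append((lineno, str(ipaddress.IPv4Address(net)), count))
    return findings

if __name__ == "__main__":
    parsed = parse_opieaccess(SAMPLE)
    for lineno, net, count in audit(parsed):
        print(f"line {lineno}: {count} address(es) at {net} exempt from OPIE")
    print("203.0.113.5 exempt:", non_opie_login_allowed(parsed, "203.0.113.5"))
```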

SEE ALSO
       ftpd(8), login(1), opie(4), opiekeys(5), opiepasswd(1),
       opieinfo(1), su(1)

AUTHOR
       Bellcore's S/Key was written by Phil Karn, Neil M. Haller,
       and John S. Walden of Bellcore. OPIE was created at NRL by
       Randall Atkinson, Dan McDonald, and Craig Metz.

       S/Key is a trademark of Bell Communications  Research
       (Bellcore).

CONTACT
       OPIE is discussed on the Bellcore "S/Key Users" mailing
       list. To join, send an email request to:

       skey-users-request@thumper.bellcore.com

7th Edition	      January 10, 1995	       OPIEACCESS(5)