
OPIEACCESS(5)



NAME

       /etc/opieaccess - OPIE database of trusted networks

DESCRIPTION

       The opieaccess file contains a list of networks that are considered
       trusted by the system as far as security against passive attacks is
       concerned. Users from networks so trusted will be able to log in using
       OPIE responses, but not be required to do so, while users from networks
       that are not trusted will always be required to use OPIE responses (the
       default behavior). This trust allows a site to have a more gentle
       migration to OPIE by allowing it to be non-mandatory for "inside"
       networks while allowing users to choose whether they wish to use OPIE
       to protect their passwords or not.

       The entire notion of trust implemented in the opieaccess file is a
       major security hole because it opens your system back up to the same
       passive attacks that the OPIE system is designed to protect you
       against. The opieaccess support in this version of OPIE exists solely
       because we believe that it is better to have it so that users who don't
       want their accounts broken into can use OPIE than to have them
       prevented from doing so by users who don't want to use OPIE. In any
       environment, it should be considered a transition tool and not a
       permanent fixture. When it is not being used as a transition tool,
       OPIE should be built without support for the opieaccess file to
       prevent the possibility of an attacker using this file as a means to
       circumvent the OPIE software.

       The opieaccess file consists of lines containing three fields separated
       by  spaces  (tabs  are  properly interpreted, but spaces should be used
       instead) as follows:

       Field         Description
       action        "permit" or "deny" non-OPIE logins
       address       Address of the network to match
       mask          Mask of the network to match

       Subnets can be controlled by using the appropriate address and mask.
       Individual hosts can be controlled by using the appropriate address and
       a mask of 255.255.255.255. If no rules are matched, the default is to
       deny non-OPIE logins.
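
       The following audit helper is an added example, not part of the
       original manual page or of the OPIE sources. It parses the
       three-field format described above, lists every "permit" line as a
       finding, and evaluates a host address against the rules. It assumes
       IPv4 dotted-quad fields and that the first matching line decides;
       the sample file contents and all function names are constructed for
       illustration.

```python
import ipaddress

# Constructed sample file contents (documentation address ranges, not from the man page).
SAMPLE = """\
deny 192.0.2.66 255.255.255.255
permit 192.0.2.0 255.255.255.0
permit 10.0.0.0 255.0.0.0
allow 198.51.100.0 255.255.255.0
permit 203.0.113.0
"""

def parse_opieaccess(text):
    """Return (rules, problems); each rule is (action, addr_int, mask_int, lineno)."""
    rules, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3 or fields[0] not in ("permit", "deny"):
            problems.append((lineno, "expected: permit|deny address mask"))
            continue
        try:
            addr = int(ipaddress.IPv4Address(fields[1]))
            mask = int(ipaddress.IPv4Address(fields[2]))
        except ipaddress.AddressValueError:
            problems.append((lineno, "bad address or mask"))
            continue
        if "\t" in line:
            problems.append((lineno, "tab separator; the man page says to use spaces"))
        rules.append((fields[0], addr, mask, lineno))
    return rules, problems

def non_opie_login_allowed(rules, host):
    """True if a login without an OPIE response would be accepted from host."""
    h = int(ipaddress.IPv4Address(host))
    for action, addr, mask, _ in rules:
        if (h & mask) == (addr & mask):   # assumption: first matching line wins
            return action == "permit"
    return False                          # documented default: deny non-OPIE logins

def permit_rules(rules):
    """Line numbers of 'permit' rules; each one re-exposes passwords to passive attacks."""
    return [lineno for action, _, _, lineno in rules if action == "permit"]
```

       An empty permit_rules() result together with no reported problems
       means the file grants no exemptions, which is the state to reach
       before rebuilding OPIE without opieaccess support.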

SEE ALSO

       ftpd(8), login(1), opie(4), opiekeys(5), opiepasswd(1), opieinfo(1),
       su(1)

AUTHOR

       Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John  S.
       Walden  of  Bellcore.  OPIE was created at NRL by Randall Atkinson, Dan
       McDonald, and Craig Metz.

       S/Key is a trademark of Bell Communications Research (Bellcore).

CONTACT

       OPIE is discussed on the Bellcore "S/Key Users" mailing list. To  join,
       send an email request to:

       skey-users-request@thumper.bellcore.com



7th Edition                    January 10, 1995                  OPIEACCESS(5)