


       /etc/opieaccess - OPIE database of trusted networks


       The opieaccess file contains a list of networks that are considered
       trusted by the system as far as security against passive attacks is
       concerned. Users from networks so trusted will be able to log in using
       OPIE responses, but not be required to do so, while users from networks
       that are not trusted will always be required to use OPIE responses (the
       default behavior). This trust allows a site to have a more gentle
       migration to OPIE by allowing it to be non-mandatory for "inside"
       networks while allowing users to choose whether they wish to use OPIE
       to protect their passwords or not.

       The entire notion of trust implemented in the opieaccess file is a
       major security hole because it opens your system back up to the same
       passive attacks that the OPIE system is designed to protect you
       against. The opieaccess support in this version of OPIE exists solely
       because we believe that it is better to have it so that users who don't
       want their accounts broken into can use OPIE than to have them
       prevented from doing so by users who don't want to use OPIE. In any
       environment, it should be considered a transition tool and not a
       permanent fixture. When it is not being used as a transition tool, a
       version of OPIE that has been built without support for the opieaccess
       file should be built to prevent the possibility of an attacker using
       this file as a means to circumvent the OPIE software.

       The opieaccess file consists of lines containing three fields separated
       by  spaces  (tabs  are  properly interpreted, but spaces should be used
       instead) as follows:

       Field        Description
       action       "permit" or "deny" non-OPIE logins
       address      Address of the network to match
       mask         Mask of the network to match

       Subnets can be controlled by using the appropriate  address  and  mask.
       Individual hosts can be controlled by using the appropriate address and
       a mask of If no rules are matched, the default	is  to
       deny non-OPIE logins.


       ftpd(8), login(1), opie(4), opiekeys(5), opiepasswd(1), opieinfo(1),


       Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John  S.
       Walden  of  Bellcore.  OPIE was created at NRL by Randall Atkinson, Dan
       McDonald, and Craig Metz.

       S/Key is a trademark of Bell Communications Research (Bellcore).

7th Edition		       January 10, 1995 		 OPIEACCESS(5)

