head	1.4;
access;
symbols;
locks; strict;
comment	@# @;


1.4
date	2002.06.19.20.01.25;	author des;	state dead;
branches;
next	1.3;

1.3
date	2002.01.21.18.51.24;	author des;	state Exp;
branches;
next	1.2;

1.2
date	2001.12.05.21.26.00;	author des;	state Exp;
branches;
next	1.1;

1.1
date	2001.12.05.21.06.21;	author des;	state Exp;
branches;
next	;


desc
@@


1.4
log
@We don't use this any more.

Sponsored by:	DARPA, NAI Labs
@
text
@#
# $FreeBSD: src/etc/pam.d/csshd,v 1.3 2002/01/21 18:51:24 des Exp $
#
# PAM configuration for the "csshd" service
#

# auth
auth		sufficient	pam_opie.so	no_warn no_fake_prompts
auth		requisite	pam_opieaccess.so	no_warn
@


1.3
log
@Enable OPIE by default, using the no_fake_prompts option to hide it from
users who don't wish to use it.  If the admin is worried about leaking
information about which users exist and which have OPIE enabled, the
no_fake_prompts option can simply be removed.

Also insert the appropriate pam_opieaccess lines after pam_opie to break
the chain in case the user is logging in from an untrusted host, or has a
.opiealways file.  The entire opieaccess / opiealways concept is slightly
unpammish, but admins familiar with OPIE will expect it to work.

Reviewed by:	ache, markm
Sponsored by:	DARPA, NAI Labs
@
text
@d2 1
a2 1
# $FreeBSD: src/etc/pam.d/csshd,v 1.2 2001/12/05 21:26:00 des Exp $
@


1.2
log
@Awright, egg on my face.  I should have taken more time with this.  The
conversion script generated the wrong format, so the configuration files
didn't actually work.  Good thing I hadn't thrown the switch yet...

Sponsored by:	DARPA, NAI Labs (but the f***ups are all mine)
@
text
@d2 1
a2 1
# $FreeBSD$
d8 2
a9 1
auth		required	pam_opie.so	no_warn
@


1.1
log
@pam.d-style configuration, auto-generated from pam.conf.

Sponsored by:	DARPA, NAI Labs
@
text
@d8 1
a8 1
csshd	auth	required	pam_opie.so	no_warn
@

