GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
PAMOTPW(8) FreeBSD System Manager's Manual PAMOTPW(8)

pam_otpw - verify one-time passwords

pam_otpw [ arguments ]

OTPW is a one-time password authentication system. It compares entered passwords with hash values stored in the user's home directory in the file ~/.otpw. Once a password was entered correctly, its hash value in ~/.otpw will be overwritten with hyphens, which disables its use in future authentication. A lock file ~/.otpw.lock prevents that the same password challenge is issued on several concurrent authentication sessions. This helps to prevent an eavesdropper from copying a one-time password as it is entered instantly into a second session, in the hope to get access by sending the final newline character faster than the user could.

Both an authentication management and a session management function are offered by this module. The authentication function asks for and verifies one-time passwords. The session function prints a message after login that reminds the user of the remaining number of one-time passwords.

debug
Turn on debugging via syslog(3).
nolock
Disable locking. This option tells the authentication function of pam_otpw.so to ignore any existing ~/.otpw.lock lock file and not to generate any. With this option, pam_otpw.so will never ask for several passwords simultaneously.

If a system pseudo user “otpw” exists in the user database (with UID < 1000), then the password hash files will not be stored in the user's home directory. Instead of looking for ~john/.otpw.lock the file has to be located in the home directory of the pseudo user “otpw”, and be named after the user (e.g. “/var/lib/otpw/john”). It will be accessed with the effective UID and GID of that pseudo user.

The OTPW package, which includes the otpw-gen progam, has been developed by Markus Kuhn. The most recent version is available from <http://www.cl.cam.ac.uk/~mgk25/otpw.html>.

otpw-gen(1), pam(8)
2014-08-07

Search for    or go to Top of page |  Section 8 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.