Diffstat (limited to 'contrib/opie/opieaccess.5')
-rw-r--r-- | contrib/opie/opieaccess.5 | 87 |
1 files changed, 0 insertions, 87 deletions
diff --git a/contrib/opie/opieaccess.5 b/contrib/opie/opieaccess.5 deleted file mode 100644 index 33ab6dd47e75f..0000000000000 --- a/contrib/opie/opieaccess.5 +++ /dev/null 
@@ -1,87 +0,0 @@ -.\" opieaccess.5: Manual page describing the /etc/opieaccess file. -.\" -.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan -.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned -.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and -.\" License Agreement applies to this software. -.\" -.\" History: -.\" -.\" Written at NRL for OPIE 2.0. -.\" -.ll 6i -.pl 10.5i -.\" @(#)opieaccess.5 2.0 (NRL) 1/10/95 -.\" -.lt 6.0i -.TH OPIEACCESS 5 "January 10, 1995" -.AT 3 -.SH NAME -[/etc/]opieaccess \- OPIE database of trusted networks - -.SH DESCRIPTION -The -.I opieaccess -file contains a list of networks that are considered trusted by the system as -far as security against passive attacks is concerned. Users from networks so -trusted will be able to log in using OPIE responses, but not be required to -do so, while users from networks that are not trusted will always be required -to use OPIE responses (the default behavior). This trust allows a site to -have a more gentle migration to OPIE by allowing it to be non-mandatory for -"inside" networks while allowing users to choose whether they with to use OPIE -to protect their passwords or not. -.sp -The entire notion of trust implemented in the -.I opieaccess -file is a major security hole because it opens your system back up to the same -passive attacks that the OPIE system is designed to protect you against. The -.I opieaccess -support in this version of OPIE exists solely because we believe that it is -better to have it so that users who don't want their accounts broken into can -use OPIE than to have them prevented from doing so by users who don't want -to use OPIE. In any environment, it should be considered a transition tool and -not a permanent fixture. 
When it is not being used as a transition tool, a -version of OPIE that has been built without support for the -.I opieaccess -file should be built to prevent the possibility of an attacker using this file -as a means to circumvent the OPIE software. -.sp -The -.I opieaccess -file consists of lines containing three fields separated by spaces (tabs are -properly interpreted, but spaces should be used instead) as follows: -.PP -.nf -.ta \w' 'u -Field Description -action "permit" or "deny" non-OPIE logins -address Address of the network to match -mask Mask of the network to match -.fi - -Subnets can be controlled by using the appropriate address and mask. Individual -hosts can be controlled by using the appropriate address and a mask of -255.255.255.255. If no rules are matched, the default is to deny non-0PIE -logins. - -.SH SEE ALSO -.BR opie (4), -.BR opiekeys (5), -.BR opiepasswd (1), -.BR opieinfo (1), -.BR opiesu (1), -.BR opielogin (1), -.BR opieftpd (8) - -.SH AUTHOR -Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden -of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and -Craig Metz. - -S/Key is a trademark of Bell Communications Research (Bellcore). - -.SH CONTACT -OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join, -send an email request to: -.sp -skey-users-request@thumper.bellcore.com |
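Review bot: The single hunk (-1,87 +0,0) deletes the only page documenting /etc/opieaccess, and the diffstat is limited to this file, so it cannot be confirmed here that the code reading that file is removed in the same change. If opieaccess support stays in the tree, this page should stay too. Its DESCRIPTION holds the warning that the trust mechanism "is a major security hole" and the rule that "If no rules are matched, the default is to deny" non-OPIE logins, and an administrator auditing a permit line needs both. If OPIE is being removed as a whole, please check that the pages listed under SEE ALSO (opie(4), opiekeys(5), opiepasswd(1), opieinfo(1), opiesu(1), opielogin(1), opieftpd(8)) no longer cross-reference opieaccess(5). The upgrade notes should also say that an existing /etc/opieaccess is no longer consulted, so that sites still relying on its permit/deny rules re-evaluate which networks may use non-OPIE logins.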