DragonFly On-Line Manual Pages

PAM_OCRA(8)            DragonFly System Manager's Manual           PAM_OCRA(8)

NAME
     pam_ocra - RFC6287 OCRA: OATH Challenge-Response Algorithm PAM module

SYNOPSIS
     [service-name] module-type control-flag pam_ocra [options]

DESCRIPTION
     The OCRA service module for PAM, pam_ocra provides functionality for only
     one PAM category: authentication.  In terms of the module-type parameter,
     this is the "auth" feature.  It also provides null functions for the
     remaining module types.

   OCRA Authentication Module
     The OCRA authentication component (pam_sm_authenticate()) obtains OCRA
     credentials from the the per-user file ~/.ocra.  If this fails and the
     dir parameter is set, directory/USERNAME will be used. It then provides
     the user with an OCRA challenge and verifies the response.

     The following options may be passed to the authentication module:

     dir=directory
                   directory to search for OCRA credentials.

     fake_prompt=suite_string
                   Use suite_string to generate fake challenges for users who
                   do not have OCRA credentials.  Note that if this option is
                   not set, no fake challenges will be generated which can
                   leak information to a hypothetical attacker about who uses
                   OCRA and who does not.

FILES
     ~/.ocra
     OCRA credential file

SEE ALSO
     pam.conf(5), pam(8), ocra_tool(8)

STANDARDS
           RFC6287   OCRA: OATH Challenge-Response Algorithm

AUTHORS
     The pam_ocra module and this manual page were developed by Stefan
     Grundmann

DragonFly 6.5-DEVELOPMENT     September 30, 2014     DragonFly 6.5-DEVELOPMENT