NAME
pam_otpw - verify one-time passwords
SYNOPSIS
pam_otpw [ arguments ]
DESCRIPTION
OTPW is a one-time password authentication system. It compares entered
passwords with hash values stored in the user’s home directory in the
file ~/.otpw. Once a password was entered correctly, its hash value in
~/.otpw will be overwritten with hyphens, which disables its use in
future authentication. A lock file ~/.otpw.lock prevents that the same
password challenge is issued on several concurrent authentication
sessions. This helps to prevent an eavesdropper from copying a one-time
password as it is entered instantly into a second session, in the hope
to get access by sending the final newline character faster than the
user could.
Both an authentication management and a session management function are
offered by this module. The authentication function asks for and
verifies one-time passwords. The session function prints a message
after login that reminds the user of the remaining number of one-time
passwords.
ARGUMENTS
debug Turn on debugging via syslog(3).
nolock Disable locking. This option tells the authentication function
of pam_otpw.so to ignore any existing ~/.otpw.lock lock file and
not to generate any. With this option, pam_otpw.so will never
ask for several passwords simultaneously.
AUTHOR
The OTPW package, which includes the otpw-gen progam, has been
developed by Markus Kuhn. The most recent version is available from
<http://www.cl.cam.ac.uk/~mgk25/otpw.html>.
SEE ALSO
otpw-gen(1), pam(8)
2003-09-30 PAMOTPW(8)