SYNOPSIS
pam_otpw [ arguments ]DESCRIPTION
OTPW is a one-time password authentication system. It compares entered passwords with hash values stored in the user's home directory in the file ~/.otpw. Once a password was entered correctly, its hash value in ~/.otpw will be overwritten with hyphens, which disables its use in future authentication. A lock file ~/.otpw.lock prevents that the same password challenge is issued on several concurrent authentication sessions. This helps to prevent an eavesdropper from copying a one-time password as it is entered instantly into a second session, in the hope to get access by sending the final newline character faster than the user could.Both an authentication management and a session management function are offered by this module. The authentication function asks for and verifies one-time passwords. The session function prints a message after login that reminds the user of the remaining number of one-time passwords.
ARGUMENTS
- debug
- Turn on debugging via syslog(3).
- nolock
-
Disable locking. This option tells the authentication function of
pam_otpw.so
to ignore any existing
~/.otpw.lock
lock file and not to generate any. With this option,
pam_otpw.so
will never ask for several passwords simultaneously.