From owner-man-jp-reviewer@jp.FreeBSD.org Mon Oct  7 14:06:24 2002
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id g9756OZ23879;
	Mon, 7 Oct 2002 14:06:24 +0900 (JST)
	(envelope-from owner-man-jp-reviewer@jp.FreeBSD.org)
Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with ESMTP/inet id g9756N323874
	for <man-jp-reviewer@jp.FreeBSD.org>; Mon, 7 Oct 2002 14:06:24 +0900 (JST)
	(envelope-from horikawa@jp.FreeBSD.org)
Received: from localhost ([12.252.35.167]) by rwcrmhc52.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20021007050618.HOKY9928.rwcrmhc52.attbi.com@localhost>
          for <man-jp-reviewer@jp.FreeBSD.org>;
          Mon, 7 Oct 2002 05:06:18 +0000
Message-Id: <20021006.230617.85416272.horikawa@attbi.com>
To: man-jp-reviewer@jp.FreeBSD.org
From: Kazuo Horikawa <horikawa@jp.FreeBSD.org>
X-Mailer: Mew version 2.2 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Reply-To: man-jp-reviewer@jp.FreeBSD.org
Precedence: list
Date: Sun, 06 Oct 2002 23:06:17 -0600
X-Sequence: man-jp-reviewer 4267
Subject: [man-jp-reviewer 4267] pam_opie.8
Errors-To: owner-man-jp-reviewer@jp.FreeBSD.org
Sender: owner-man-jp-reviewer@jp.FreeBSD.org
X-Originator: horikawa@jp.FreeBSD.org
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+020902

$BKY@n$G$9!#(B

pam_opie.8 $B$NK]Lu$G$9!#(B

--- pam_opie.8~	Sun Oct  6 20:21:21 2002
+++ pam_opie.8	Sun Oct  6 21:40:53 2002
@@ -38,77 +38,74 @@
 .\" jpman %Id: pam_opie.8,v 0.0 2002/07/21 02:09:05 horikawa Stab %
 .Dt PAM_OPIE 8
 .Os
-.Sh NAME
+.Sh $BL>>N(B
 .Nm pam_opie
-.Nd OPIE PAM module
-.Sh SYNOPSIS
+.Nd OPIE PAM $B%b%8%e!<%k(B
+.Sh $B=q<0(B
 .Op Ar service-name
 .Ar module-type
 .Ar control-flag
 .Pa pam_opie
 .Op Ar options
-.Sh DESCRIPTION
-The OPIE authentication service module for PAM,
+.Sh $B2r@b(B
+PAM $B$N(B OPIE $BG'>Z%5!<%S%9%b%8%e!<%k$G$"$k(B
 .Nm
-provides functionality for only one PAM category:
-that of authentication.
-In terms of the
+$B$O!"C10l$N(B PAM $B%+%F%4%j$KBP$7$F$N$_5!G=$rDs6!$7$^$9!#(B
+$B$9$J$o$A!"G'>Z$K4X$7$F$N$_$G$9!#(B
 .Ar module-type
-parameter, this is the
+$B$N%Q%i%a!<%?Cf$G$O!"$3$l$O(B
 .Dq Li auth
-feature.
-It also provides a null function for session management.
+$B5!G=$H$J$j$^$9!#(B
+$B%;%C%7%g%s4IM}5!G=$K4X$7$F$O!"6u$N5!G=$rDs6!$7$^$9!#(B
 .Pp
-Note that this module does not enforce
+$B$3$N%b%8%e!<%k$O(B
 .Xr opieaccess 5
-checks.
-There is a separate module,
-.Xr pam_opieaccess 8 ,
-for this purpose.
-.Ss OPIE Authentication Module
-The OPIE authentication component
-provides functions to verify the identity of a user
-.Pq Fn pam_sm_authenticate ,
-which obtains the relevant
+$B%A%'%C%/$r6/@)$7$J$$$3$H$KCm0U$7$F$/$@$5$$!#(B
+$B$3$NL\E*$N$?$a$K$O!"JL%b%8%e!<%k(B
+.Xr pam_opieaccess 8
+$B$,$"$j$^$9!#(B
+.Ss OPIE $BG'>Z%b%8%e!<%k(B
+OPIE $BG'>Z%3%s%]!<%M%s%H$O!"%f!<%6$N<1JL>pJs$,@5$7$$$3$H$r3NG'$9$k5!G=(B
+.Pq Fn pam_sm_authenticate
+$B$rDs6!$7$^$9!#(B
+$B$3$N5!G=$O!"E,@Z$J(B
 .Xr opie 4
-credentials.
-It provides the user with an OPIE challenge,
-and verifies that this is correct with
-.Xr opiechallenge 3 .
+$B;q3J$r3MF@$7$^$9!#(B
+$B$3$N5!G=$O!"%f!<%6$KBP$7$F(B OPIE $B%A%c%l%s%8$rM?$(!"(B
+.Xr opiechallenge 3
+$B$r;HMQ$7$F$3$N@5$7$5$r3NG'$7$^$9!#(B
 .Pp
-The following options may be passed to the authentication module:
+$B<!$N%*%W%7%g%s$rG'>Z%b%8%e!<%k$KEO$9$3$H$,2DG=$G$9(B:
 .Bl -tag -width ".Cm auth_as_self"
 .It Cm debug
-.Xr syslog 3
-debugging information at
 .Dv LOG_DEBUG
-level.
+$B%l%Y%k$G$N(B
+.Xr syslog 3
+$B%G%P%C%0>pJs$G$9!#(B
 .It Cm auth_as_self
-This option will require the user
-to authenticate themself as the user
-given by
-.Xr getlogin 2 ,
-not as the account they are attempting to access.
-This is primarily for services like
-.Xr su 1 ,
-where the user's ability to retype
-their own password
-might be deemed sufficient.
+$BK\%*%W%7%g%s$O!"%"%/%;%9$7$h$&$H$7$F$$$k%"%+%&%s%H$N%f!<%6$G$O$J$/!"(B
+.Xr getlogin 2
+$B$GF@$i$l$k%f!<%6$H$7$F!"%f!<%6$,<+8J$rG'>Z$9$k$3$H$r5a$a$^$9!#(B
+$B$3$N%*%W%7%g%s$NBh0l5A$O!"(B
+.Xr su 1
+$B$N$h$&$J!"%f!<%6$,<+8J$N%Q%9%o!<%I$r:FEYF~NO$9$l$P==J,$H9M$($i$l$k(B
+$B%5!<%S%9$N$?$a$N$b$N$G$9!#(B
 .It Cm no_fake_prompts
-Do not generate fake challenges for users who do not have an OPIE key.
-Note that this can leak information to a hypothetical attacker about
-who uses OPIE and who does not, but it can be useful on systems where
-some users want to use OPIE but most do not.
+OPIE $B80$r;}$?$J$$%f!<%6$KBP$7$F!"56$N%A%c%l%s%8$r@8@.$7$J$$$h$&$K$7$^$9!#(B
+$B$3$l$O!"2>A[>e$N967b<T$KBP$7$F!"(B
+$BC/$,(B OPIE $B$r;HMQ$7$F$*$jC/$,;HMQ$7$F$$$J$$$N$+$H$$$&>pJs$rO31H$9$k$3$H$K(B
+$B$J$C$F$7$^$$$^$9$,!"$[$H$s$I$N%f!<%6$O(B OPIE $B$r;HMQ$7$J$$$,0lIt$N%f!<%6$N$_(B
+$B;HMQ$9$k%7%9%F%`$G$OM-MQ$G$9!#(B
 .El
 .Pp
-Note that
 .Nm
-ignores the standard options
+$B$OI8=`%*%W%7%g%s(B
 .Cm try_first_pass
-and
-.Cm use_first_pass ,
-since a challenge must be generated before the user can submit a valid
-response.
+$B$H(B
+.Cm use_first_pass
+$B$rL5;k$9$k$3$H$KCm0U$7$F$/$@$5$$!#(B
+$B2?8N$J$i!"%f!<%6$,@5Ev$J1~Ez$rDs=P$9$kA0$K!"(B
+$B%A%c%l%s%8$,@8@.$5$l$J$1$l$P$J$i$J$$$+$i$G$9!#(B
 .Sh $B4XO"%U%!%$%k(B
 .Bl -tag -width ".Pa /etc/opiekeys" -compact
 .It Pa /etc/opiekeys
--
$BKY@nOBM:(B
