The OTP authentication service module for PAM, pam_otp, provides functionality for only PAM authentication. Users are optionally sent a challenge and then authenticated via the OTP database.
Enable logging output with username and challenge response.
Users set to a status of inactive will return PAM_SUCCESS when the allow_inactive option is set. The default behavior for inactive users is to return PAM_AUTH_ERR.
The HOTP challenge will include the current count for the user when the display_count option is set. The default behavior will not display the count unless the user record flags field has OTP_USER_FLAGS_DSPCNT set.
A user not in the OTP database will be denied access with the require_db_entry option is set. This option is set by default. require_db_entry and allow_unknown user set the same flag and are mutually exclusive.
A user not in the OTP database will be allowed access with the allow_unknown_user option set. This option is disabled by default. require_db_entry and allow_unknown user set the same flag and are mutually exclusive.
alternate_otpdb is used as the OTP database.
Service name for use with send-token option.
Set OTP challenge window.