pam_otp 8 pam_otp PAM OTP module service-name auth control-flag pam_otp options The OTP authentication service module for PAM, pam_otp, provides functionality for only PAM authentication. Users are optionally sent a challenge and then authenticated via the OTP database. expose_account Enable logging output with username and challenge response. allow_inactive Users set to a status of inactive will return PAM_SUCCESS when the allow_inactive option is set. The default behavior for inactive users is to return PAM_AUTH_ERR. display_count The HOTP challenge will include the current count for the user when the display_count option is set. The default behavior will not display the count unless the user record flags field has OTP_USER_FLAGS_DSPCNT set. require_db_entry A user not in the OTP database will be denied access with the require_db_entry option is set. This option is set by default. require_db_entry and allow_unknown user set the same flag and are mutually exclusive. allow_unknown_user A user not in the OTP database will be allowed access with the allow_unknown_user option set. This option is disabled by default. require_db_entry and allow_unknown user set the same flag and are mutually exclusive. otpdb=alternate_otpdb alternate_otpdb is used as the OTP database. service=service_name Service name for use with send-token option. window=window Set OTP challenge window. Mark Fullmer maf@splintered.net otp-sca(1) otp-sct(1) otp-control(1) htsoft-downloader(1) otp-openvpn-plugin(1) urd(1) bcload(1) pam(8) spyrus-par2(7)