You can also specify default environment settings in
passwordcheck This gives the full path to an external program that will validate new passwords for quality. OpenBSD expects to pass the password to the program on standard input. The program is expected to return a 0 if the password is adequate or a 1 if the password is inadequate. passwordtime This is the lifetime of a password and can be used to enforce regular password changes. minpasswordlen This is the minimum length of a password. Authentication Methods You can also choose valid authentication methods in /etc/login.conf. OpenBSD uses “BSD Authentication,” which works in a different manner than the popular Pluggable Authentication Modules used in quite a few open-source operating systems. You just identify the authentication method you want in /etc/login.conf, and OpenBSD will attempt to authenticate users by that method. It couldn’t be easier than that! Merely setting an authentication mechanism does not configure the authentication method it merely tells the system to use that authentication method. For example, telling OpenBSD to authenticate a certain class of users via Kerberos V doesn’t magically set up a Kerberos domain. Accounts who use a particular authentication method will be locked out if that authentication mechanism is unavailable. Some authentication methods are simply not compatible with some protocols, so not all authentication methods work with all programs that provide logins. For example, while SSH works with cryptocards, it doesn’t work with the password-changing “lchpass” authentication method. You need to check the man page for each authentication method for bugs and test unusual combinations. Some of these authentication methods require additional login.conf variables, which are described in the manual page for that authentication method. For example, if you want to use Radius authentication, you need to tell login.conf where to find your Radius server. The manual page that describes the necessary configuration is given in the following table of common authentication methods. Here are the actual authentication methods supported by OpenBSD’s BSD Authentication. krb4-or-pwd Try Kerberos IV, then the local password file (see kerberos(1)) krb5-or-pwd Try Kerberos V, then the local password file (see kerberos(1)) passwd Use the local password file krb4 Use Kerberos IV (see kerberos(1)) krb5 Use Kerberos V (see kerberos(1)) chpass Do not log the user in, but instead change their Kerberos password or their local password if Kerberos is unavailable (see login_chpass(8)) lchpass Do not log the user in, but instead change their local password (see login_lchpass(8)) radius Use Radius authentication (see login_radius(8)) skey Use S/Key (see skey(1)) activ Use ActivCard X9.9 token-based authentication (see login_activ(8)) Page 142
Hint: This post is supported by Gama besplatan domen provider