:: >From what I've read so far, if the user is present in opiekeys, the :: opieaccess file determines if the user (coming from a specific host or :: network) is allowed to use his unix password from this specific network. :: :: As my opieaccess file is empty and the default rule (as mentionned in the :: man file) is deny, I should not be able to get an ssh shell with my standard :: unix password. OpenSSH on FreeBSD is PAM-enabled if ChallengeResponseAuthentication is set to yes: ChallengeResponseAuthentication Specifies whether challenge-response authentication is allowed. Specifically, in FreeBSD, this controls the use of PAM (see pam(3)) for authentication. Note that this affects the effec- tiveness of the PasswordAuthentication and PermitRootLogin vari- ables. The default is ``yes''. Does your /etc/pam.conf disble password authentication? Cheers - Erick _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"