skey - one-time password user database
The /etc/skey directory contains user records for the S/Key one-time password authentication system.
Records take the form of files within /etc/skey where each file is named for the user whose record it contains. For example, /etc/skey/root would hold root's S/Key record.
The mode for /etc/skey should be 01730 and it should be owned by root and group auth. Individual records within /etc/skey should be owned by the user they describe and be mode 0600. To access S/Key records, a process must run as group auth.
Each record consists of five lines:
1. The name of the user the record describes. This should be the same as the name of the file.
2. The hash type used for this entry; one of md4, md5, sha1, or rmd160. The default is md5.
3. The sequence number. This is a decimal number between one and one thousand. Each time the user authenticates via S/Key this number is decremented by one.
4. A seed used along with the sequence number and the six S/Key words to compute the value.
5. The value expected from the crunching of the user's seed, sequence number and the six S/Key words. When the result matches this value, authentication is considered to have been successful.
/etc/skey
Here is a sample /etc/skey file for root:
root
md5
99
obsd36521
1f4359a3764b675d
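An audit of the layout described above, as an added example that is not part of the original manual page or of OpenBSD's own code. The names parse_record, audit and _owner are hypothetical, and the check that the value is 16 hex digits is an assumption taken from the sample record.

```python
import grp
import os
import pwd
import stat

HASH_TYPES = {"md4", "md5", "sha1", "rmd160"}  # hash types the page lists
SAMPLE = "root\nmd5\n99\nobsd36521\n1f4359a3764b675d\n"  # the page's sample record

def parse_record(text, filename):
    """Parse one five-line S/Key record; raise ValueError if malformed."""
    lines = [line.strip() for line in text.splitlines()]
    if len(lines) != 5:
        raise ValueError(f"expected 5 lines, got {len(lines)}")
    user, hash_type, seq, seed, value = lines
    if user != filename:
        raise ValueError(f"user {user!r} does not match file name")
    if hash_type not in HASH_TYPES:
        raise ValueError(f"unknown hash type {hash_type!r}")
    if not (seq.isascii() and seq.isdigit() and 1 <= int(seq) <= 1000):
        raise ValueError(f"sequence {seq!r} is not a decimal in 1..1000")
    # Assumption: seed is non-empty and value is 16 hex digits (from the sample).
    if not seed or len(value) != 16 or set(value.lower()) - set("0123456789abcdef"):
        raise ValueError("bad seed or value field")
    return {"user": user, "hash": hash_type, "seq": int(seq), "seed": seed, "value": value}

def _owner(st):
    """(user, group) names for a stat result, or numeric ids if unknown."""
    try:
        return pwd.getpwuid(st.st_uid).pw_name, grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        return str(st.st_uid), str(st.st_gid)

def audit(skey_dir):
    """Return findings for the directory and every record inside it."""
    findings = []
    st = os.stat(skey_dir)
    if stat.S_IMODE(st.st_mode) != 0o1730 or _owner(st) != ("root", "auth"):
        findings.append(f"{skey_dir}: want mode 01730, owner root, group auth")
    for name in sorted(os.listdir(skey_dir)):
        path = os.path.join(skey_dir, name)
        st = os.stat(path)
        if stat.S_IMODE(st.st_mode) != 0o600 or _owner(st)[0] != name:
            findings.append(f"{path}: want mode 0600, owner {name}")
        try:
            with open(path) as fh:
                parse_record(fh.read(), name)
        except (ValueError, OSError) as err:
            findings.append(f"{path}: {err}")
    return findings
```

Call audit("/etc/skey") as root: mode 01730 gives group auth write and search permission on the directory but not read, so only the owner can list it.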
skey(1), skeyinit(1), skey(3)
OpenBSD 3.6 May 16, 2002