login_skey - provide S/Key authentication type
login_skey [-s service] [-v fd=number] user [class]
The login_skey utility is called by login(1), su(1), ftpd(8), and others
to authenticate the user with S/Key authentication.
The service argument specifies which protocol to use with
the invoking
program. The allowed protocols are login, challenge, and
response. The
default protocol is login.
The fd argument is used to specify the number of an open,
locked file descriptor
that references the user's S/Key entry. This is
used to prevent
simultaneous S/Key authorization attempts from using the
same challenge.
The user argument is the login name of the user to be authenticated.
The optional class argument is accepted for consistency with
the other
login scripts but is not used.
login_skey will look up user in the S/Key database and, depending on the
desired protocol, will do one of three things:
login Present user with an S/Key challenge, accept a
response and
report back to the invoking program whether or
not the authentication
was successful.
challenge Return the current S/Key challenge for user.
response Report back to the invoking program whether or
not the specified
response matches the current S/Key challenge
for user.
If user does not have an entry in the S/Key database, a fake
challenge
will be generated by the S/Key library.
/etc/skey directory containing user entries for S/Key
login(1), skey(1), skeyinfo(1), skeyinit(1), login.conf(5),
ftpd(8)
OpenBSD 3.6 July 26, 2004
[ Back ] |
