1.\" $OpenBSD: login_skey.8,v 1.8 2004/08/05 13:37:06 millert Exp $
2.\"
3.\" Copyright (c) 2000, 2002 Todd C. Miller <Todd.Miller@courtesan.com>
4.\"
5.\" Permission to use, copy, modify, and distribute this software for any
6.\" purpose with or without fee is hereby granted, provided that the above
7.\" copyright notice and this permission notice appear in all copies.
8.\"
9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16.\"
17.\" Sponsored in part by the Defense Advanced Research Projects
18.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
19.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
20.\"
21.Dd July 26, 2004
22.Dt LOGIN_SKEY 8
23.Os
24.Sh NAME
25.Nm login_skey
26.Nd provide S/Key authentication type
27.Sh SYNOPSIS
28.Nm login_skey
29.Op Fl s Ar service
30.Op Fl v Ar fd=number
31.Ar user
32.Op Ar class
33.Sh DESCRIPTION
34The
35.Nm
36utility is called by
37.Xr login 1 ,
38.Xr su 1 ,
39.Xr ftpd 8 ,
40and others to authenticate the
41.Ar user
42with S/Key authentication.
43.Pp
44The
45.Ar service
46argument specifies which protocol to use with the
47invoking program.
48The allowed protocols are
49.Em login ,
50.Em challenge ,
51and
52.Em response .
53The default protocol is
54.Em login .
55.Pp
56The
57.Ar fd
58argument is used to specify the number of an open, locked file descriptor
59that references the user's S/Key entry.
60This is used to prevent simultaneous S/Key authorization attempts from
61using the same challenge.
62.Pp
63The
64.Ar user
65argument is the login name of the user to be authenticated.
66.Pp
67The optional
68.Ar class
69argument is accepted for consistency with the other login scripts but
70is not used.
71.Pp
72.Nm
73will look up
74.Ar user
75in the S/Key database and, depending on the desired protocol,
76will do one of three things:
77.Bl -tag -width challenge
78.It login
79Present
80.Ar user
81with an S/Key challenge, accept a response and report back to the
82invoking program whether or not the authentication was successful.
83.It challenge
84Return the current S/Key challenge for
85.Ar user .
86.It response
87Report back to the invoking program whether or not the specified
88response matches the current S/Key challenge for
89.Ar user .
90.El
91.Pp
92If
93.Ar user
94does not have an entry in the S/Key database, a fake challenge will
95be generated by the S/Key library.
96.Sh FILES
97.Bl -tag -width /etc/skey
98.It Pa /etc/skey
99directory containing user entries for S/Key
100.El
101.Sh SEE ALSO
102.Xr login 1 ,
103.Xr skey 1 ,
104.Xr skeyinfo 1 ,
105.Xr skeyinit 1 ,
106.Xr login.conf 5 ,
107.Xr ftpd 8
108