1.\" $OpenBSD: login_skey.8,v 1.8 2004/08/05 13:37:06 millert Exp $ 2.\" 3.\" Copyright (c) 2000, 2002 Todd C. Miller <Todd.Miller@courtesan.com> 4.\" 5.\" Permission to use, copy, modify, and distribute this software for any 6.\" purpose with or without fee is hereby granted, provided that the above 7.\" copyright notice and this permission notice appear in all copies. 8.\" 9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16.\" 17.\" Sponsored in part by the Defense Advanced Research Projects 18.\" Agency (DARPA) and Air Force Research Laboratory, Air Force 19.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. 20.\" 21.Dd July 26, 2004 22.Dt LOGIN_SKEY 8 23.Os 24.Sh NAME 25.Nm login_skey 26.Nd provide S/Key authentication type 27.Sh SYNOPSIS 28.Nm login_skey 29.Op Fl s Ar service 30.Op Fl v Ar fd=number 31.Ar user 32.Op Ar class 33.Sh DESCRIPTION 34The 35.Nm 36utility is called by 37.Xr login 1 , 38.Xr su 1 , 39.Xr ftpd 8 , 40and others to authenticate the 41.Ar user 42with S/Key authentication. 43.Pp 44The 45.Ar service 46argument specifies which protocol to use with the 47invoking program. 48The allowed protocols are 49.Em login , 50.Em challenge , 51and 52.Em response . 53The default protocol is 54.Em login . 55.Pp 56The 57.Ar fd 58argument is used to specify the number of an open, locked file descriptor 59that references the user's S/Key entry. 60This is used to prevent simultaneous S/Key authorization attempts from 61using the same challenge. 62.Pp 63The 64.Ar user 65argument is the login name of the user to be authenticated. 66.Pp 67The optional 68.Ar class 69argument is accepted for consistency with the other login scripts but 70is not used. 71.Pp 72.Nm 73will look up 74.Ar user 75in the S/Key database and, depending on the desired protocol, 76will do one of three things: 77.Bl -tag -width challenge 78.It login 79Present 80.Ar user 81with an S/Key challenge, accept a response and report back to the 82invoking program whether or not the authentication was successful. 83.It challenge 84Return the current S/Key challenge for 85.Ar user . 86.It response 87Report back to the invoking program whether or not the specified 88response matches the current S/Key challenge for 89.Ar user . 90.El 91.Pp 92If 93.Ar user 94does not have an entry in the S/Key database, a fake challenge will 95be generated by the S/Key library. 96.Sh FILES 97.Bl -tag -width /etc/skey 98.It Pa /etc/skey 99directory containing user entries for S/Key 100.El 101.Sh SEE ALSO 102.Xr login 1 , 103.Xr skey 1 , 104.Xr skeyinfo 1 , 105.Xr skeyinit 1 , 106.Xr login.conf 5 , 107.Xr ftpd 8 108