libexec/login_skey/login_skey.8

    login_skey.8 revision 1.6
     $OpenBSD: login_skey.8,v 1.6 2003/06/03 01:52:40 millert Exp $

 Copyright (c) 2000, 2002 Todd C. Miller <Todd.Miller@courtesan.com>

 Permission to use, copy, modify, and distribute this software for any
 purpose with or without fee is hereby granted, provided that the above
 copyright notice and this permission notice appear in all copies.

 THE SOFTWARE IS PROVIDED "AS IS" AND TODD C. MILLER DISCLAIMS ALL
 WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
 OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL TODD C. MILLER BE LIABLE
 FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
 OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

.Dd July 14, 2002
.Dt LOGIN_SKEY 8
.Os
.Sh NAME
.Nm login_skey
.Nd provide S/Key authentication type
.Sh SYNOPSIS
.Nm login_skey
.Op Fl s Ar service
.Ar user
.Op Ar class
.Sh DESCRIPTION
The
.Nm
utility is called by
.Xr login 1 ,
.Xr su 1 ,
.Xr ftpd 8 ,
and others to authenticate the
.Ar user
with S/Key authentication.
p
The
.Ar service
argument specifies which protocol to use with the
invoking program.
The allowed protocols are
.Em login ,
.Em challenge ,
and
.Em response .
The default protocol is
.Em login .
p
The
.Ar user
argument is the login name of the user to be authenticated.
p
The
.Ar class
argument is not used.
p
.Nm
will look up
.Ar user
in the S/Key database and, depending on the desired protocol,
will do one of three things:
l -tag -width challenge t login Present
.Ar user
with an S/Key challenge, accept a response and report back to the
invoking program whether or not the authentication was successful.
t challenge Return the current S/Key challenge for
.Ar user .
t response Report back to the invoking program whether or not the specified
response matches the current S/Key challenge for
.Ar user .
.El
p
If
.Ar user
does not have an entry in the S/Key database, a fake challenge will
be generated by the S/Key library.
.Sh FILES
l -tag -width /etc/skey t Pa /etc/skey directory containing user entries for S/Key
.El
.Sh SEE ALSO
.Xr login 1 ,
.Xr skey 1 ,
.Xr skeyinfo 1 ,
.Xr skeyinit 1 ,
.Xr login.conf 5 ,
.Xr ftpd 8