Change S/Key stuff from using a flat file (/etc/skeykeys) to a directory

where each user gets their own file, which is owned by that user.

An old S/Key database may be converted by running "skeyinit -C" as root.

Programs that need to access the S/Key database no longer need to be
setuid root.  They must now be setgid auth instead.

1 files changed, 4 insertions, 1 deletions

diff --git a/lib/libskey/skey.3 b/lib/libskey/skey.3
index 81e344b6561..11540cf1706 100644
--- a/lib/libskey/skey.3
+++ b/lib/libskey/skey.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: skey.3,v 1.3 2002/04/30 16:31:42 mpech Exp $
+.\" $OpenBSD: skey.3,v 1.4 2002/05/16 03:50:42 millert Exp $
 .\"
 .\" Copyright (c) 2001 Todd C. Miller <Todd.Miller@courtesan.com>
 .\" All rights reserved.
@@ -333,6 +333,9 @@ The S/Key database remains open after a call to
 If no error was encountered accessing the S/Key database, the read/write
 file pointer is set to the beginning of the record or at EOF if
 there are no more records.
+.br
+Because it exposes other users' S/Key records, only the superuser may use
+.Fn skeygetnext .
 .Pp
 The
 .Fn skeylookup