author Todd C. Miller <millert@cvs.openbsd.org> 2002-05-16 17:53:30 +0000
committer Todd C. Miller <millert@cvs.openbsd.org> 2002-05-16 17:53:30 +0000
commit 631596003ac68b508cf1fc1767021b942418af02
tree c1a7e0bd6b7294f9aa9efdfce2b46508a6bfd460 /lib/libskey/skey.5
parent 7a666db5cdba0c4f93b4ef2f391f8953cd642425
Add skey(5)
Diffstat (limited to 'lib/libskey/skey.5')
-rw-r--r-- lib/libskey/skey.5 95
1 files changed, 95 insertions, 0 deletions
diff --git a/lib/libskey/skey.5 b/lib/libskey/skey.5
new file mode 100644
index 00000000000..8395ec6bc27
--- /dev/null
+++ b/lib/libskey/skey.5
@@ -0,0 +1,95 @@
+.\" $OpenBSD: skey.5,v 1.1 2002/05/16 17:53:29 millert Exp $
+.\"
+.\" Copyright (c) 2002 Todd C. Miller <Todd.Miller@courtesan.com>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote products
+.\" derived from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+.\" THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd May 16, 2002
+.Dt SKEY 5
+.Os
+.Sh NAME
+.Nm skey
+.Nd one-time password user database
+.Sh DESCRIPTION
+The
+.Pa /etc/skey
+directory contains user records for the S/Key one-time password authentication
+system.
+.Pp
+Records take the form of files within
+.Pa /etc/skey
+where each file is named for the user whose record it contains.
+For example,
+.Pa /etc/skey/root
+would hold root's S/Key record.
+.Pp
+The mode for
+.Pa /etc/skey
+should be 01730 and it should be owned by root and group auth.
+Individual records within
+.Pa /etc/skey
+are owned by the user they describe and be mode 0600.
+To access S/Key records, a process must run as group auth.
+.Pp
+Each record consists of five lines:
+.Bl -enum
+.It
+The name of the user the record describes.
+This should be the same as the name of the file.
+.It
+The hash type used for this entry;
+one of md4, md5, sha1, or rmd160.
+The default is md5.
+.It
+The sequence number.
+This is a decimal number between one and one thousand.
+Each time the user authenticates via S/Key this number is decremented by one.
+.It
+A seed used along with the sequence number and the six S/Key words to
+compute the value.
+.It
+The value expected from the crunching of the user's seed, sequence number
+and the six S/Key words.
+When the result matches this value, authentication is considered to have
+been successful.
+.El
+.Sh EXAMPLES
+Here is a sample
+.Pa /etc/skey
+file for root:
+.Bd -literal -offset indent
+root
+md5
+99
+obsd36521
+1f4359a3764b675d
+.Ed
+.Sh FILES
+.Bl -tag -width /etc/skey -compact
+.It Pa /etc/skey
+.El
+.Sh SEE ALSO
+.Xr skey 1 ,
+.Xr skeyinit 1 ,
+.Xr skey 3
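Review bot: In the permissions paragraph of DESCRIPTION, "are owned by the user they describe and be mode 0600" is ungrammatical and drops the "should" used for the directory in the sentence before it; suggest "should be owned by the user they describe and be mode 0600". The same paragraph says a process must run as group auth to access S/Key records, but with the directory at 01730 (write and search for group, nothing for others) and each record at 0600, group auth only lets a process enter and create files in /etc/skey; opening a record still requires being its owner or root. It would help to state that, and to say why the sticky bit is set on the directory. In EXAMPLES, "Here is a sample /etc/skey file for root" names the directory rather than the file; ".Pa /etc/skey/root" would match the earlier text. The sequence number range "between one and one thousand" could also say whether the bounds are inclusive.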