.\" $OpenBSD: login_skey.8,v 1.8 2004/08/05 13:37:06 millert Exp $ .\" .\" Copyright (c) 2000, 2002 Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .\" Sponsored in part by the Defense Advanced Research Projects .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" .Dd July 26, 2004 .Dt LOGIN_SKEY 8 .Os .Sh NAME .Nm login_skey .Nd provide S/Key authentication type .Sh SYNOPSIS .Nm login_skey .Op Fl s Ar service .Op Fl v Ar fd=number .Ar user .Op Ar class .Sh DESCRIPTION The .Nm utility is called by .Xr login 1 , .Xr su 1 , .Xr ftpd 8 , and others to authenticate the .Ar user with S/Key authentication. .Pp The .Ar service argument specifies which protocol to use with the invoking program. The allowed protocols are .Em login , .Em challenge , and .Em response . The default protocol is .Em login . .Pp The .Ar fd argument is used to specify the number of an open, locked file descriptor that references the user's S/Key entry. This is used to prevent simultaneous S/Key authorization attempts from using the same challenge. .Pp The .Ar user argument is the login name of the user to be authenticated. .Pp The optional .Ar class argument is accepted for consistency with the other login scripts but is not used. .Pp .Nm will look up .Ar user in the S/Key database and, depending on the desired protocol, will do one of three things: .Bl -tag -width challenge .It login Present .Ar user with an S/Key challenge, accept a response and report back to the invoking program whether or not the authentication was successful. .It challenge Return the current S/Key challenge for .Ar user . .It response Report back to the invoking program whether or not the specified response matches the current S/Key challenge for .Ar user . .El .Pp If .Ar user does not have an entry in the S/Key database, a fake challenge will be generated by the S/Key library. .Sh FILES .Bl -tag -width /etc/skey .It Pa /etc/skey directory containing user entries for S/Key .El .Sh SEE ALSO .Xr login 1 , .Xr skey 1 , .Xr skeyinfo 1 , .Xr skeyinit 1 , .Xr login.conf 5 , .Xr ftpd 8