LOGIN_SKEY(8) - System Manager's Manual

LOGIN_SKEY(8) - System Manager’s Manual #

LOGIN_SKEY(8) - System Manager’s Manual

NAME #

login_skey - provide S/Key authentication type

SYNOPSIS #

login_skey [-s service] [-v fd=number] user [class]

DESCRIPTION #

The login_skey utility is called by login(1), su(1), ftpd(8), and others to authenticate the user with S/Key authentication.

The service argument specifies which protocol to use with the invoking program. The allowed protocols are login, challenge, and response. The default protocol is login.

The fd argument is used to specify the number of an open, locked file descriptor that references the user’s S/Key entry. This is used to prevent simultaneous S/Key authorization attempts from using the same challenge.

The user argument is the login name of the user to be authenticated.

The optional class argument is accepted for consistency with the other login scripts but is not used.

login_skey will look up user in the S/Key database and, depending on the desired protocol, will do one of three things:

login

Present user with an S/Key challenge, accept a response and report back to the invoking program whether or not the authentication was successful.

challenge

Return the current S/Key challenge for user.

response

Report back to the invoking program whether or not the specified response matches the current S/Key challenge for user.

If user does not have an entry in the S/Key database, a fake challenge will be generated by the S/Key library.

FILES #

/etc/skey

directory containing user entries for S/Key

SEE ALSO #

login(1), skey(1), skeyinfo(1), skeyinit(1), login.conf(5), ftpd(8)

OpenBSD 7.5 - January 25, 2019