MirBSD manpage: skey(5)

SKEY(5)                      BSD Reference Manual                      SKEY(5)


     skey - one-time password user database


     The /etc/skey directory contains user records for the S/Key one-time
     password authentication system.

     Records take the form of files within /etc/skey where each file is named
     for the user whose record it contains. For example, /etc/skey/root would
     hold root's S/Key record.

     The mode for /etc/skey should be 01730 and it should be owned by root and
     group auth. Individual records within /etc/skey should be owned by the
     user they describe and be mode 0600. To access S/Key records, a process
     must run as group auth.

     Each record consists of five lines:

     1.   The name of the user the record describes. This should be the same
          as the name of the file.

     2.   The hash type used for this entry; one of md4, md5, sha1, or rmd160.
          The default is md5.

     3.   The sequence number. This is a decimal number between one and one
          thousand. Each time the user authenticates via S/Key this number is
          decremented by one.

     4.   A seed used along with the sequence number and the six S/Key words
          to compute the value.

     5.   The value expected from the crunching of the user's seed, sequence
          number and the six S/Key words. When the result matches this value,
          authentication is considered to have been successful.




     Here is a sample /etc/skey file for root:



     skey(1), skeyinit(1), skey(3)

MirBSD #10-current               May 16, 2002                                1

Generated on 2022-12-24 01:00:14 by $MirOS: src/scripts/roff2htm,v 1.113 2022/12/21 23:14:31 tg Exp $ — This product includes material provided by mirabilos.

These manual pages and other documentation are copyrighted by their respective writers; their sources are available at the project’s CVSweb, AnonCVS and other mirrors. The rest is Copyright © 2002–2022 MirBSD.

This manual page’s HTML representation is supposed to be valid XHTML/1.1; if not, please send a bug report — diffs preferred.

Kontakt / Impressum & Datenschutzerklärung