diff options
| author | Dante Catalfamo | 2021-05-30 17:14:51 -0400 |
|---|---|---|
| committer | Dante Catalfamo | 2021-05-30 17:14:51 -0400 |
| commit | f7f68b7976de3da9cd2e4c5ac309d3777b3c4556 (patch) | |
| tree | dd51b890393f30d829ad453a8f0b216ee8c21f98 | |
| parent | 17676aa4cc0a4cbf663f11b2fb9dbbeec1467051 (diff) | |
| download | blog-f7f68b7976de3da9cd2e4c5ac309d3777b3c4556.tar.gz blog-f7f68b7976de3da9cd2e4c5ac309d3777b3c4556.tar.bz2 blog-f7f68b7976de3da9cd2e4c5ac309d3777b3c4556.zip | |
bsd-auth: improve wording
| -rw-r--r-- | content/posts/WIP-how-bsd-authentication-works/index.org | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org index 527f719..b81e12a 100644 --- a/content/posts/WIP-how-bsd-authentication-works/index.org +++ b/content/posts/WIP-how-bsd-authentication-works/index.org @@ -37,12 +37,12 @@ PAM can best be described as [[https://www.youtube.com/watch?v=-CXp3byvI1g][unstandardized black magic]]. OpenBSD on the other hand uses a mechanism called BSD - Authentication. It was originally developed for a proprietary - operating system called [[https://en.wikipedia.org/wiki/BSD/OS][BSD/OS]] by [[https://en.wikipedia.org/wiki/Berkeley_Software_Design][Berkeley Software Design Inc.]], who - later donated the system. It was adopted by OpenBSD in release 2.9. - BSD Auth is comparatively much simpler than PAM. Modules or, - authentication "styles", are instead stand alone applications or - scripts that communicate over IPC. The program or script has no + Authentication. It was originally developed for a now-defunct + proprietary operating system called [[https://en.wikipedia.org/wiki/BSD/OS][BSD/OS]] by [[https://en.wikipedia.org/wiki/Berkeley_Software_Design][Berkeley Software + Design Inc.]], who later donated the system. It was adopted by OpenBSD + in release 2.9. BSD Auth is comparatively much simpler than PAM. + Modules or, authentication "styles", are instead stand alone + applications or scripts that communicate over IPC. The module has no ability to interfere with the parent and can very easily revoke permissions using [[https://man.openbsd.org/pledge][=pledge(2)=]] or [[https://man.openbsd.org/unveil][=unveil(2)=]]. The BSD Authentication system of configured through [[https://man.openbsd.org/login.conf][=login.conf(5)=]]. @@ -2359,8 +2359,8 @@ @@html: </details> @@ =auth_approval= is used to check a user against the [[#approval][approval script]] - for service =type=. Approval script types all begin with - =approval-=. + for service =type=. It is a front end for [[#auth_call][=auth_call=]]. Approval + script types all begin with =approval-=. Before running the scripts, first the validity of the account is checked. This is done first using [[#auth_check_expired][=auth_check_expired=]], then |