diff options
| author | Dante Catalfamo | 2020-07-03 19:41:35 -0400 |
|---|---|---|
| committer | Dante Catalfamo | 2020-07-03 19:41:35 -0400 |
| commit | 74392e3b26e4bdddf16d5541bb83274bfabd1e16 (patch) | |
| tree | f4113741c94c295b0bf692446d2cc7dc1c6027ba /content/posts/how-bsd-authentication-works | |
| parent | bdc38957e3bfcb5bb374bcd8820a82f8ac9a35ec (diff) | |
| download | blog-74392e3b26e4bdddf16d5541bb83274bfabd1e16.tar.gz blog-74392e3b26e4bdddf16d5541bb83274bfabd1e16.tar.bz2 blog-74392e3b26e4bdddf16d5541bb83274bfabd1e16.zip | |
Add more details on -v arguments to auth modules
Diffstat (limited to 'content/posts/how-bsd-authentication-works')
| -rw-r--r-- | content/posts/how-bsd-authentication-works/index.org | 42 |
1 files changed, 40 insertions, 2 deletions
diff --git a/content/posts/how-bsd-authentication-works/index.org b/content/posts/how-bsd-authentication-works/index.org index 77da1b5..5d756da 100644 --- a/content/posts/how-bsd-authentication-works/index.org +++ b/content/posts/how-bsd-authentication-works/index.org @@ -57,12 +57,50 @@ accept one of three values here, =login=, =challenge=, or =response=. =login= is the default if it's not specified, and is usually the right choice. Read the style's man page for details. - - =-v key=value= is an optional argument. This is used to pass extra - data to the program under certain circumstances. + - =-v key=value= is an optional argument. There is no limit to the + number of =-v= arguments. This is used to pass extra data to the + program under certain circumstances. - =user= is the name of the user to be authenticated. - =class= is optional and specifies the class of the user to be authenticated. + =login= and =su= pass in extra data as =-v= flags. + + #+CAPTION: Taken from [[https://man.openbsd.org/login.conf][=login.conf(5)=]] + #+BEGIN_SRC + The login(1) program provides the following through the -v option: + + auth_type The type of authentication to use. + + fqdn The hostname provided to login by the -h option. + + hostname The name login(1) will place in the utmp file for the + remote hostname. + + local_addr The local IP address given to login(1) by the -L option. + + lastchance Set to "yes" when a user's password has expired but the + user is being given one last chance to login and update + the password. + + login This is a new login session (as opposed to a simple + identity check). + + remote_addr The remote IP address given to login(1) by the -R option. + + style The style of authentication used for this user (see + approval scripts below). + + The su(1) program provides the following through the -v option: + + wheel Set to either "yes" or "no" to indicate if the user is in + group wheel when they are trying to become root. Some + authentication types require the user to be in group + wheel when using the su(1) program to become super user. + #+END_SRC + + The auth module communicates with its caller through file descriptor 3. + * Documentation All of the high level authentication functions are described in |