Diffstat (limited to 'content/posts/WIP-how-bsd-authentication-works/index.org')
-rw-r--r--  content/posts/WIP-how-bsd-authentication-works/index.org  24
1 files changed, 13 insertions, 11 deletions
diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org
index 22e3e9a..8678a09 100644
--- a/content/posts/WIP-how-bsd-authentication-works/index.org
+++ b/content/posts/WIP-how-bsd-authentication-works/index.org
@@ -137,7 +137,8 @@
#+END_SRC
The auth module communicates with its caller through what's called
- the "back channel" on file descriptor 3.
+ the "back channel" on file descriptor 3. This communication is
+ covered in greater detail in the [[#auth_call][=auth_call=]] section.
Some modules require an extra file descriptor to be passed in for
stateful challenge/response authentication. In these cases, an extra
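Review bot: the new `[[#auth_call][=auth_call=]]` link on the second `+` line only resolves if the target heading carries a `:CUSTOM_ID: auth_call` property, in the same way the `auth_userokay` and `auth_session_t` sections in the later hunks carry theirs; confirm that property exists on the `auth_call` heading, otherwise the exported page gets a dead anchor. A minor wording point on the same line: "is covered in greater detail in the ... section" could be shortened to "is described in the ... section".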
@@ -179,11 +180,10 @@
:PROPERTIES:
:CUSTOM_ID: auth_userokay
:END:
-<<here>>
[[https://man.openbsd.org/authenticate.3#auth_userokay][=auth_userokay=]] is the highest level function, and easiest to use.
- It takes four character arrays as arguments, =name=, =style=,
- =type=, and =password=. It returns either a =0= for failure, of a
- non-zero value for success.
+ It takes four strings as arguments: =name=, =style=, =type=, and
+ =password=. It returns either a =0= for failure, of a non-zero value
+ for success.
@@html: <details> <summary> @@
#+BEGIN_SRC c
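Review bot: the rewrite carries over a typo on the second `+` line, "It returns either a =0= for failure, of a non-zero value", which should read "or a non-zero value"; since this sentence is being touched anyway, fix it here. Dropping the stray `<<here>>` target is good, as nothing on the page links to it.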
@@ -204,23 +204,22 @@
- =name= is the name of the user to be authenticated
- =style= is the login method to be used
- If =style= is =NULL=, the user's default login style will be
- used. By default this is =passwd= on normal accounts.
+ used. This is =passwd= on normal accounts.
- The style can be one of the installed authentication methods, like
=passwd=, =radius=, =skey=, =yubikey=, etc.
- - There's more information about available styles in =login.conf(5)=
- Styles can also be installed through BSD Auth module packages
- =type= is the authentication type
- - Types are defined in =login.conf= and define a group of allowed
- auth styles
+ - Types are defined in =login.conf= and as a group of allowed auth
+ styles
- If =type= is =NULL=, use the auth type for the user's login
class. The default type is =auth-default=, which allows
=psaswd= and =skey= auth methods.
- - There's more information about how to add methods in =login.conf(5)=
- =password= is the password to test
- If =password= is =NULL=, then the user is interactively
prompted. This is required for auth styles using
challenge-response methods.
- - If =password= is specified, then it's non-interactively tested
+ - If =password= is specified, then it's passed to the auth module
+ as a =response=
=auth_userokay= is just a wrapper around [[#auth_usercheck][=auth_usercheck=]] that takes
care of closing the session using [[#auth_close][=auth_close=]], and returning the
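Review bot: the replacement line "Types are defined in =login.conf= and as a group of allowed auth styles" is ungrammatical; the original "Types are defined in =login.conf= and define a group of allowed auth styles" read correctly, so either keep it or use "Types are defined in =login.conf= as a group of allowed auth styles". Two further points in this hunk: removing both "There's more information ... in =login.conf(5)=" bullets takes away the only pointers to the manual page that documents styles and types, so consider keeping one of them; and the unchanged context line "=psaswd= and =skey= auth methods" still has =passwd= misspelled and could be fixed in the same commit.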
@@ -230,6 +229,9 @@
:PROPERTIES:
:CUSTOM_ID: auth_session_t
:END:
+
+ <<review>>
+
=auth_session_t= is the main data structure used to represent the
authentication session.
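Review bot: the added `<<review>>` target between the `:END:` drawer and the first paragraph looks like a work-in-progress bookmark rather than content, the same kind of marker the `<<here>>` target removed in the `auth_userokay` hunk was; unless something links to it, leave it out of the commit, or note in the commit message that it is a placeholder to be removed before publishing. The two added blank lines around it are otherwise harmless.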