Diffstat (limited to 'content/posts/how-bsd-authentication-works/index.org')
-rw-r--r-- content/posts/how-bsd-authentication-works/index.org | 15
1 files changed, 8 insertions, 7 deletions
diff --git a/content/posts/how-bsd-authentication-works/index.org b/content/posts/how-bsd-authentication-works/index.org
index 65c44cf..77da1b5 100644
--- a/content/posts/how-bsd-authentication-works/index.org
+++ b/content/posts/how-bsd-authentication-works/index.org
@@ -18,7 +18,7 @@
Authentication Module (PAM). The two main implementations of PAM are
[[http://www.linux-pam.org/][Linux PAM]] and [[https://www.openpam.org/][OpenPAM]]. PAM modules are created a dynamically loaded
shared objects, which communicate using a set of standard
- interfaces ([[https://linux.die.net/man/3/pam][Linux-PAM]]) ([[https://www.freebsd.org/cgi/man.cgi?query=pam&apropos=0&sektion=3&manpath=FreeBSD+12.1-RELEASE+and+Ports&arch=default&format=html][OpenPAM]]). PAM is configured using the [[https://linux.die.net/man/5/pam.d][pam.d]]
+ interfaces ([[https://linux.die.net/man/3/pam][Linux-PAM]] and [[https://www.freebsd.org/cgi/man.cgi?query=pam&apropos=0&sektion=3&manpath=FreeBSD+12.1-RELEASE+and+Ports&arch=default&format=html][OpenPAM]]). PAM is configured using the [[https://linux.die.net/man/5/pam.d][pam.d]]
directory and [[https://www.freebsd.org/cgi/man.cgi?query=pam.conf&sektion=5&apropos=0&manpath=FreeBSD+12.1-RELEASE+and+Ports][pam.conf]].
OpenBSD on the other hand uses a mechanism called BSD
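Review bot: The context line two above the changed line still reads "PAM modules are created a dynamically loaded shared objects", and this commit is already copy-editing the same sentence. Change "created a" to "created as" in this pass so the sentence does not need a second fix-up commit.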
@@ -28,9 +28,10 @@
2.9. BSD Auth is comparatively much simpler than PAM. Modules or,
authentication "styles", are instead stand alone applications or
scripts that communicate over IPC (=PF_LOCAL, SOCK_STREAM=,
- specifically). The program or script has no ability to interfere with
- the parent and can very easily revoke permissions using =pledge(3)= or
- =unveil(3)=.
+ specifically). The program or script has no ability to interfere
+ with the parent and can very easily revoke permissions using
+ [[https://man.openbsd.org/pledge][=pledge(2)=]] or [[https://man.openbsd.org/unveil][=unveil(2)=]]. The BSD Authentication system of
+ configured through [[https://man.openbsd.org/login.conf][=login.conf(5)=]].
* Why
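Review bot: The new sentence on the last two added lines has a typo: "The BSD Authentication system of configured through" should read "is configured through". While this paragraph is being refilled, the comma in the context line "Modules or, authentication "styles"," could also move to "Modules, or authentication "styles",".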
@@ -50,7 +51,7 @@
- =<style>= is the authentication method. This could be =passwd=,
=radius=, =skey=, =yubikey=, etc. There's more information about
- available styles in =login.conf(5)= under the =AUTHENTICATION=
+ available styles in [[https://man.openbsd.org/login.conf][=login.conf(5)=]] under the [[https://man.openbsd.org/login.conf#AUTHENTICATION][=AUTHENTICATION=]]
header.
- =service= is the service type. Typically authentication methods will
accept one of three values here, =login=, =challenge=, or
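Review bot: The added line carrying the two login.conf links is much longer than the neighbouring list lines, which are wrapped. Break it between the two links, after "under the", so the list item keeps the fill used in the rest of the file. Check too that the #AUTHENTICATION fragment resolves on the rendered man page, since the link otherwise lands at the top of login.conf(5).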
@@ -65,8 +66,8 @@
* Documentation
All of the high level authentication functions are described in
- =authenticate(3)=, with the lower level functions being described in
- =auth_subr(3)=.
+ [[https://man.openbsd.org/authenticate][=authenticate(3)=]], with the lower level functions being described in
+ [[https://man.openbsd.org/auth_subr][=auth_subr(3)=]].
* auth_userokay
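Review bot: The link targets on the two added lines omit the manual section even though the link text names it: man.openbsd.org/authenticate and man.openbsd.org/auth_subr. Pin the section in the URL (authenticate.3, auth_subr.3) so each link keeps pointing at the page the text cites. The same applies to the pledge, unveil and login.conf links added earlier in this commit.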