2 files changed, 17 insertions, 3 deletions

diff --git a/content/posts/how-bsd-authentication-works/graph.dot b/content/posts/how-bsd-authentication-works/graph.dot
index a07e3ec..6414b11 100644
--- a/content/posts/how-bsd-authentication-works/graph.dot
+++ b/content/posts/how-bsd-authentication-works/graph.dot
@@ -52,7 +52,7 @@ digraph G {
     auth_verify -> auth_setstate;
     auth_verify -> auth_call;
 
-    auth_call -> execve;
+    auth_call -> execve[label="fork()"];
     // auth_call -> _auth_spool;
 
     execve -> login;
diff --git a/content/posts/how-bsd-authentication-works/index.org b/content/posts/how-bsd-authentication-works/index.org
index 20b825f..29a9d62 100644
--- a/content/posts/how-bsd-authentication-works/index.org
+++ b/content/posts/how-bsd-authentication-works/index.org
@@ -68,9 +68,23 @@ The return codes are defined inside of =login_cap.h= as
 
 =auth_userokay= is just a wrapper around =auth_usercheck=, which
 returns a finished auth session of type =auth_session_t=. It closes
-the auth session and returns the value returned from =auth_close=.
+the auth session using =auth_close= and returns the value returned
+from closing.
 
-=auth_usercheck=
+=auth_usercheck= checks the user name against the passwd db. It also
+checks the login class against the =login.conf= db, along with
+confirming the login styles available.
+
+#+begin_quote
+Validates the checks that the user exists, gets the user's login
+class, verifies the auth type, and that the auth style can be used.
+
+It creates an auth session struct.
+
+If the password is provided it sets the service type to =response=,
+and adds the adds the password to the auth data. Otherwise it
+leaves it empty.
+#+end_quote
 
 From there it calls a couple other functions, constructing and
 filling out an =auth_session_t= struct using the =auth_set*=