Diffstat (limited to 'content/posts')
-rw-r--r-- | content/posts/how-bsd-authentication-works/index.org | 42 |
1 files changed, 40 insertions, 2 deletions
diff --git a/content/posts/how-bsd-authentication-works/index.org b/content/posts/how-bsd-authentication-works/index.org index 77da1b5..5d756da 100644 --- a/content/posts/how-bsd-authentication-works/index.org +++ b/content/posts/how-bsd-authentication-works/index.org 
@@ -57,12 +57,50 @@ accept one of three values here, =login=, =challenge=, or =response=. =login= is the default if it's not specified, and is usually the right choice. Read the style's man page for details. - - =-v key=value= is an optional argument. This is used to pass extra - data to the program under certain circumstances. + - =-v key=value= is an optional argument. There is no limit to the + number of =-v= arguments. This is used to pass extra data to the + program under certain circumstances. - =user= is the name of the user to be authenticated. - =class= is optional and specifies the class of the user to be authenticated. + =login= and =su= pass in extra data as =-v= flags. + + #+CAPTION: Taken from [[https://man.openbsd.org/login.conf][=login.conf(5)=]] + #+BEGIN_SRC + The login(1) program provides the following through the -v option: + + auth_type The type of authentication to use. + + fqdn The hostname provided to login by the -h option. + + hostname The name login(1) will place in the utmp file for the + remote hostname. + + local_addr The local IP address given to login(1) by the -L option. + + lastchance Set to "yes" when a user's password has expired but the + user is being given one last chance to login and update + the password. + + login This is a new login session (as opposed to a simple + identity check). + + remote_addr The remote IP address given to login(1) by the -R option. + + style The style of authentication used for this user (see + approval scripts below). + + The su(1) program provides the following through the -v option: + + wheel Set to either "yes" or "no" to indicate if the user is in + group wheel when they are trying to become root. Some + authentication types require the user to be in group + wheel when using the su(1) program to become super user. + #+END_SRC + + The auth module communicates with its caller through file descriptor 3. + * Documentation All of the high level authentication functions are described in |
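Review bot: the added #+BEGIN_SRC block that wraps the login.conf(5) excerpt has no language argument and contains quoted man-page text rather than source code, so #+BEGIN_EXAMPLE / #+END_EXAMPLE would describe it more accurately. In the reworded "-v key=value" item, the new sentence "There is no limit to the number of =-v= arguments." now sits between "is an optional argument." and "This is used to pass extra data", which leaves "This" reading as if it refers to the limit; moving the new sentence to the end of the item fixes that. The final added line, "The auth module communicates with its caller through file descriptor 3.", lands directly above "* Documentation" with nothing following it; either say what is sent over that descriptor or point to the part of the post that covers it, so it does not read as a stray fact. Since the excerpt lists values such as fqdn, hostname and remote_addr as coming from options given to login(1), one sentence after "=login= and =su= pass in extra data as =-v= flags." noting that these values are supplied by the calling program would help readers who write their own auth modules.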