Diffstat (limited to 'content/posts')
| -rw-r--r-- | content/posts/how-bsd-authentication-works/index.org | 15 | 
1 files changed, 8 insertions, 7 deletions
| diff --git a/content/posts/how-bsd-authentication-works/index.org b/content/posts/how-bsd-authentication-works/index.org index 65c44cf..77da1b5 100644 --- a/content/posts/how-bsd-authentication-works/index.org +++ b/content/posts/how-bsd-authentication-works/index.org @@ -18,7 +18,7 @@    Authentication Module (PAM). The two main implementations of PAM are    [[http://www.linux-pam.org/][Linux PAM]] and [[https://www.openpam.org/][OpenPAM]]. PAM modules are created a dynamically loaded    shared objects, which communicate using a set of standard -  interfaces ([[https://linux.die.net/man/3/pam][Linux-PAM]]) ([[https://www.freebsd.org/cgi/man.cgi?query=pam&apropos=0&sektion=3&manpath=FreeBSD+12.1-RELEASE+and+Ports&arch=default&format=html][OpenPAM]]). PAM is configured using the [[https://linux.die.net/man/5/pam.d][pam.d]] +  interfaces ([[https://linux.die.net/man/3/pam][Linux-PAM]] and [[https://www.freebsd.org/cgi/man.cgi?query=pam&apropos=0&sektion=3&manpath=FreeBSD+12.1-RELEASE+and+Ports&arch=default&format=html][OpenPAM]]). PAM is configured using the [[https://linux.die.net/man/5/pam.d][pam.d]]    directory and [[https://www.freebsd.org/cgi/man.cgi?query=pam.conf&sektion=5&apropos=0&manpath=FreeBSD+12.1-RELEASE+and+Ports][pam.conf]].    OpenBSD on the other hand uses a mechanism called BSD 
@@ -28,9 +28,10 @@    2.9. BSD Auth is comparatively much simpler than PAM. Modules or,    authentication "styles", are instead stand alone applications or    scripts that communicate over IPC (=PF_LOCAL, SOCK_STREAM=, -  specifically). The program or script has no ability to interfere with -  the parent and can very easily revoke permissions using =pledge(3)= or -  =unveil(3)=. +  specifically). The program or script has no ability to interfere +  with the parent and can very easily revoke permissions using +  [[https://man.openbsd.org/pledge][=pledge(2)=]] or [[https://man.openbsd.org/unveil][=unveil(2)=]]. The BSD Authentication system of +  configured through [[https://man.openbsd.org/login.conf][=login.conf(5)=]].  * Why @@ -50,7 +51,7 @@    - =<style>= is the authentication method. This could be =passwd=,      =radius=, =skey=, =yubikey=, etc. There's more information about -    available styles in =login.conf(5)= under the =AUTHENTICATION= +    available styles in [[https://man.openbsd.org/login.conf][=login.conf(5)=]] under the [[https://man.openbsd.org/login.conf#AUTHENTICATION][=AUTHENTICATION=]]      header.    - =service= is the service type. Typically authentication methods will      accept one of three values here, =login=, =challenge=, or @@ -65,8 +66,8 @@  * Documentation    All of the high level authentication functions are described in -  =authenticate(3)=, with the lower level functions being described in -  =auth_subr(3)=. +  [[https://man.openbsd.org/authenticate][=authenticate(3)=]], with the lower level functions being described in +  [[https://man.openbsd.org/auth_subr][=auth_subr(3)=]].  * auth_userokay | 
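Review bot: The context line just above the change in the @@ -18,7 +18,7 hunk still reads "PAM modules are created a dynamically loaded shared objects"; "a" should be "as". Since this commit already edits the next sentence of the same paragraph, fix it here rather than in a follow-up.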
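Review bot: The sentence added at the end of the @@ -28,9 +28,10 hunk has a typo: "The BSD Authentication system of configured through login.conf(5)" should read "is configured through". The move from =pledge(3)= and =unveil(3)= to section 2 in the same hunk is correct, since both are system calls, but it is a factual correction mixed into a change that otherwise only adds links. Consider splitting it out or mentioning it in the commit message so it is easy to find later.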
