Diffstat (limited to 'content')
-rw-r--r-- | content/posts/how-bsd-authentication-works/index.org | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/content/posts/how-bsd-authentication-works/index.org b/content/posts/how-bsd-authentication-works/index.org index fb0103f..b047b29 100644 --- a/content/posts/how-bsd-authentication-works/index.org +++ b/content/posts/how-bsd-authentication-works/index.org 
@@ -330,6 +330,74 @@ #define BI_FDPASS "fd" /* child is passing an fd */ #+END_SRC + The [[https://man.openbsd.org/login.conf][=login.conf(5)=]] man page once again goes into greater detail on + these values. + + #+BEGIN_SRC + authorize The user has been authorized. + + authorize secure + The user has been authorized and root should be allowed to + login even if this is not a secure terminal. This should only + be sent by authentication styles that are secure over insecure + lines. + + reject Authorization is rejected. This overrides any indication that + the user was authorized (though one would question the wisdom + in sending both a reject and an authorize command). + + reject challenge + Authorization was rejected and a challenge has been made + available via the value challenge. + + reject silent + Authorization is rejected, but no error messages should be + generated. + + remove file + If the login session fails for any reason, remove file before + termination. + + setenv name value + If the login session succeeds, the environment variable name + should be set to the specified value. + + unsetenv name + If the login session succeeds, the environment variable name + should be removed. + + value name value + Set the internal variable name to the specified value. The + value should only contain printable characters. Several \ + sequences may be used to introduce non printing characters. + These are: + + \n A newline. + + \r A carriage return. + + \t A tab. + + \xxx The character represented by the octal value xxx. The + value may be one, two, or three octal digits. + + \c The string is replaced by the value of c. This allows + quoting an initial space or the \ character itself. + + + The following values are currently defined: + + challenge + See section on challenges below. + + errormsg + If set, the value is the reason authentication failed. + The calling program may choose to display this when + rejecting the user, but display is not required. 
+ + #+END_SRC + + It is looking for lines that start with either =BI_AUTH= (=authorize=), or =BI_REJECT= (=reject=). If the line is still longer, it continues to scan for any other qualifiers such as =pwexpired= or |
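Review bot: the closing paragraph ("It is looking for lines that start with either =BI_AUTH= (=authorize=), or =BI_REJECT= (=reject=)") does not say what happens when the back channel carries both, although the quoted excerpt states that reject "overrides any indication that the user was authorized". That precedence is the security-relevant behaviour, so state it next to the description of the parsing. The same paragraph names =pwexpired= as a qualifier, but the quoted excerpt never mentions it, so say where that value is defined. Two smaller points: the excerpt is man page text rather than source, so an example or quote block would fit better than a bare #+BEGIN_SRC with no language; and "It" at the start of the paragraph has lost its antecedent after the long excerpt, so name the function being described.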