From 87cee6eb735e0345c368b6272eb909f9d9b48e22 Mon Sep 17 00:00:00 2001
From: Dante Catalfamo
Date: Mon, 29 Jun 2020 00:50:42 -0400
Subject: Begin better description of login_ programs

---
 content/posts/how-bsd-authentication-works/index.org | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/content/posts/how-bsd-authentication-works/index.org b/content/posts/how-bsd-authentication-works/index.org
index f6c46af..35a3fb4 100644
--- a/content/posts/how-bsd-authentication-works/index.org
+++ b/content/posts/how-bsd-authentication-works/index.org
@@ -30,6 +30,23 @@ specifically). The program or script has no ability to interfere with
 the parent and can very easily revoke permissions using =pledge(3)= or
 =unveil(3)=.
 
+These programs or scripts are located in =/usr/libexec/auth/= with the
+naming convention =login_<style>=. They typically take arguments in
+the form of
+
+#+BEGIN_SRC shell
+login_<style> [-s service] [-v key=value] user [class]
+#+END_SRC
+
+<<here2>>
+
+- =<style>= is the authentication method. This could be =passwd=, =
+- =service= is the service type. Typically authentication methods will
+  accept three values here, =login=, =challenge=, or =response=. Some
+  styles take different service arguments, so read the method's man
+  page for details.
+  - =login= is the default method, it's typically
+
 This one is pretty difficult, since there seems to be very little
 information about how BSD Auth works apart from the source code
 itself. This is my best attempt to understand the flow of BSD Auth
@@ -146,7 +163,6 @@ auth_session_t *auth_usercheck(char *name, char *style, char *type, char *passwo
 checks the login class against the =login.conf= db, along with
 confirming the login styles available.
 
-
 If the password is non-=NULL=, then it calls =auth_open=, which
 allocates and returns the pointer to an =auth_session_t=, and sets its
 default =service= to =login=, and it's =fd= to =-1=. After that's
-- 
cgit v1.2.3