From 792f1e07ed9e8d34c78856cb178d00c1606f61ce Mon Sep 17 00:00:00 2001
From: Dante Catalfamo
Date: Fri, 30 Oct 2020 01:37:11 -0400
Subject: Wording of intro on BSD Auth

---
 .../WIP-how-bsd-authentication-works/index.org     | 35 +++++++++++-----------
 1 file changed, 17 insertions(+), 18 deletions(-)

diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org
index c06596b..0903ee7 100644
--- a/content/posts/WIP-how-bsd-authentication-works/index.org
+++ b/content/posts/WIP-how-bsd-authentication-works/index.org
@@ -11,27 +11,26 @@
 [[https://web.archive.org/web/20170327150148/http://www.penzin.net/bsdauth/]]
 * History
 
-  OpenBSD is quite different from many other Unix-like operating systems
-  in many ways, but one way which I find interesting is the
+  OpenBSD is quite different from many other Unix-like operating
+  systems in many ways, but one way which I find interesting is the
   authentication system. Most systems from AIX, Solaris, and Linux to
   most BSDs including MacOS use some form of a system called Pluggable
   Authentication Module (PAM). The two main implementations of PAM are
-  [[http://www.linux-pam.org/][Linux PAM]] and [[https://www.openpam.org/][OpenPAM]]. PAM modules are created a dynamically loaded
-  shared objects, which communicate using a set of standard
-  interfaces ([[https://linux.die.net/man/3/pam][Linux-PAM]] and [[https://www.freebsd.org/cgi/man.cgi?query=pam&apropos=0&sektion=3&manpath=FreeBSD+12.1-RELEASE+and+Ports&arch=default&format=html][OpenPAM]]). PAM is configured using the [[https://linux.die.net/man/5/pam.d][pam.d]]
-  directory and [[https://www.freebsd.org/cgi/man.cgi?query=pam.conf&sektion=5&apropos=0&manpath=FreeBSD+12.1-RELEASE+and+Ports][pam.conf]].
+  [[http://www.linux-pam.org/][Linux PAM]] and [[https://www.openpam.org/][OpenPAM]]. PAM modules are created as dynamically loaded
+  shared objects, which communicate using a set of standard interfaces
+  ([[https://linux.die.net/man/3/pam][Linux-PAM]] and [[https://www.freebsd.org/cgi/man.cgi?query=pam&apropos=0&sektion=3&manpath=FreeBSD+12.1-RELEASE+and+Ports&arch=default&format=html][OpenPAM]]). PAM is configured using the [[https://linux.die.net/man/5/pam.d][pam.d]] directory
+  and [[https://www.freebsd.org/cgi/man.cgi?query=pam.conf&sektion=5&apropos=0&manpath=FreeBSD+12.1-RELEASE+and+Ports][pam.conf]].
 
   OpenBSD on the other hand uses a mechanism called BSD
   Authentication. It was originally developed for a proprietary
   operating system called [[https://en.wikipedia.org/wiki/BSD/OS][BSD/OS]] by [[https://en.wikipedia.org/wiki/Berkeley_Software_Design][Berkeley Software Design Inc.]], who
-  later donated the system. It was adopted by OpenBSD in release
-  2.9. BSD Auth is comparatively much simpler than PAM. Modules or,
+  later donated the system. It was adopted by OpenBSD in release 2.9.
+  BSD Auth is comparatively much simpler than PAM. Modules or,
   authentication "styles", are instead stand alone applications or
-  scripts that communicate over IPC (=PF_LOCAL, SOCK_STREAM=,
-  specifically). The program or script has no ability to interfere
-  with the parent and can very easily revoke permissions using
-  [[https://man.openbsd.org/pledge][=pledge(2)=]] or [[https://man.openbsd.org/unveil][=unveil(2)=]]. The BSD Authentication system of
-  configured through [[https://man.openbsd.org/login.conf][=login.conf(5)=]].
+  scripts that communicate over IPC. The program or script has no
+  ability to interfere with the parent and can very easily revoke
+  permissions using [[https://man.openbsd.org/pledge][=pledge(2)=]] or [[https://man.openbsd.org/unveil][=unveil(2)=]]. The BSD Authentication
+  system of configured through [[https://man.openbsd.org/login.conf][=login.conf(5)=]].
 
 * Why
 
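Review bot: The last added sentence of the BSD Auth paragraph still reads "system of configured through =login.conf(5)="; since this commit is a wording pass over that paragraph, change "of" to "is" here. Two smaller points in the same paragraph: the comma in "Modules or, authentication "styles"," belongs before "or", and dropping "(=PF_LOCAL, SOCK_STREAM=, specifically)" removes the only statement of which IPC mechanism the styles use, so either keep it or make sure a later section states it.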
@@ -56,13 +55,13 @@
     header.
   - =service= is the service type. Typically authentication methods
     will accept one of three values here, =login=, =challenge=, or
-    =response=. =login= is the default if it's not specified. =login=
-    is used to let the module know to interact with the user directly,
+    =response=. =login= is the default if it's not specified, and is
+    used to let the module know to interact with the user directly,
     while =challenge= and =response= are used to pass messages back
     and forth through the BSD Auth API. Each style's man page will
     have more details on these.
-  - =-v key=value= is an optional argument. There is no limit to the
-    number of =-v= arguments. This is used to pass extra data to the
+  - =-v key=value= is an optional argument. There can be more than one
+    arguments in this style. This is used to pass extra data to the
     program under certain circumstances.
   - =user= is the name of the user to be authenticated.
   - =class= is optional and specifies the class of the user to be
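Review bot: In the =-v key=value= item, "There can be more than one arguments in this style" is ungrammatical and weaker than the line it replaces, which said there is no limit to the number of =-v= arguments. "Style" is also the post's term for an authentication module, so "in this style" reads ambiguously. Suggest something like "It may be given more than once." and keep the no-limit statement if it is accurate.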
@@ -589,7 +588,7 @@
 
 ** _auth_next_arg
    #+BEGIN_SRC c
-   static char * _auth_next_arg(auth_session_t *as)
+   static char *_auth_next_arg(auth_session_t *as)
    #+END_SRC
 
    First goes through =as->ap0=, returning one argument at a time
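Review bot: The prototype change under =_auth_next_arg= (moving the space in "char * _auth_next_arg" to "char *_auth_next_arg") is a code-formatting change that the subject line, which only mentions intro wording, does not cover. Either mention it in the commit message or split it into its own commit, and check that the other prototypes quoted in the post use the same pointer spacing so the source blocks stay consistent.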
-- 
cgit v1.2.3