1.\" $OpenBSD: skey.5,v 1.8 2019/01/25 00:19:26 millert Exp $ 2.\" 3.\" Copyright (c) 2002 Todd C. Miller <millert@openbsd.org> 4.\" 5.\" Permission to use, copy, modify, and distribute this software for any 6.\" purpose with or without fee is hereby granted, provided that the above 7.\" copyright notice and this permission notice appear in all copies. 8.\" 9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16.\" 17.\" Sponsored in part by the Defense Advanced Research Projects 18.\" Agency (DARPA) and Air Force Research Laboratory, Air Force 19.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. 20.\" 21.Dd $Mdocdate: January 25 2019 $ 22.Dt SKEY 5 23.Os 24.Sh NAME 25.Nm skey 26.Nd one-time password user database 27.Sh DESCRIPTION 28The 29.Pa /etc/skey 30directory contains user records for the S/Key one-time password authentication 31system. 32.Pp 33Records take the form of files within 34.Pa /etc/skey 35where each file is named for the user whose record it contains. 36For example, 37.Pa /etc/skey/root 38would hold root's S/Key record. 39.Pp 40The mode for 41.Pa /etc/skey 42should be 01730 and it should be owned by root and group auth. 43Individual records within 44.Pa /etc/skey 45should be owned by the user they describe and be mode 0600. 46To access S/Key records, a process must run as group auth. 47.Pp 48Each record consists of five lines: 49.Bl -enum 50.It 51The name of the user the record describes. 52This should be the same as the name of the file. 53.It 54The hash type used for this entry; 55one of md5, sha1, or rmd160. 56The default is md5. 57.It 58The sequence number. 59This is a decimal number between one and one thousand. 60Each time the user authenticates via S/Key this number is decremented by one. 61.It 62A seed used along with the sequence number and the six S/Key words to 63compute the value. 64.It 65The value expected from the crunching of the user's seed, sequence number 66and the six S/Key words. 67When the result matches this value, authentication is considered to have 68been successful. 69.El 70.Sh FILES 71.Bl -tag -width /etc/skey -compact 72.It Pa /etc/skey 73.El 74.Sh EXAMPLES 75Here is a sample 76.Pa /etc/skey 77file for root: 78.Bd -literal -offset indent 79root 80md5 8199 82obsd36521 831f4359a3764b675d 84.Ed 85.Sh SEE ALSO 86.Xr skey 1 , 87.Xr skeyinit 1 , 88.Xr skey 3 89