AUTHSRV(8)              BSD System Manager's Manual              AUTHSRV(8)

NAME
authsrv - remote authentication server

SYNOPSIS
authsrv [-c class] [-t tracefile] [-T tracefile]

DESCRIPTION
The authsrv utility, which should be invoked by inetd(8), provides
service for the remote authentication protocol. The remote authentication
protocol provides transparent access to BSD Authentication on a remote
machine via an insecure network. All traffic is encrypted with random
bytes stuffed into the stream to limit the amount of known clear-text.
The method of encryption is configurable per client.

When a client connects to the server, the server first searches the
/etc/authsrv.keys directory for a file which matches the IP address of
the client. A file is deemed to match the IP address if one of the IP
addresses associated with the name (as provided by gethostbyname(3))
matches the client's IP address. The first match is used. The matched
file is expected to contain a single line of text consisting of an
authentication mode followed by a single space and authentication mode
specific data (see auth(4)). The supported authentication modes are:

DES     Use DES to encrypt the data. A new random session key is used
        for each session, limiting the exposure of the long-lived shared
        secret key.

The following options are available:

-c      Use class instead of AUTHSRV as the class entry in the
        /etc/login.conf used to determine what authentication types are
        allowed. If specified, the types are determined by the
        auth-authsrv entry. If not specified, the generic auth entry is
        used.

-t      Place a trace of all data sent and received as it appears on the
        wire into the file tracefile. The data is displayed in
        hexadecimal.

-T      Same as the -t flag except the clear text information is also
        reported. THIS WILL REPORT SENSITIVE INFORMATION, SUCH AS
        PASSWORDS, IN THE CLEAR AND SHOULD ONLY BE USED WHEN DIAGNOSING A
        PROBLEM AND NEVER USED IN PRODUCTION.

If the client sends the authentication style of auth then the first
authentication style allowed for the AUTHSRV class (or class if -c was
used) is used.
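
The following audit sketch is an added example, not part of the original
manual page or of BSDI's code. It checks key files against the single-line
"mode, one space, data" format described above and flags inetd.conf entries
that run authsrv with -T or -t. Assumptions: the key data, the inetd.conf
line and the /usr/libexec/authsrv path are constructed, and the
permission check is a general hardening rule, not one the page states.

```python
import os
import stat
import tempfile

SUPPORTED_MODES = {"DES"}  # the only mode this page lists

def audit_keyfile(path):
    """Findings for one key file; the secret data itself is never echoed."""
    findings = []
    perms = stat.S_IMODE(os.stat(path).st_mode)
    if perms & 0o077:  # shared secret reachable by group or other
        findings.append("group/other access (mode %04o)" % perms)
    with open(path, errors="replace") as fh:
        lines = fh.read().splitlines()
    if len(lines) != 1:
        return findings + ["expected a single line, found %d" % len(lines)]
    mode, sep, data = lines[0].partition(" ")
    if not sep or not data or data[0].isspace():
        findings.append("not '<mode> <data>' split by a single space")
    elif mode not in SUPPORTED_MODES:
        findings.append("unsupported mode %r" % mode)
    return findings

def audit_inetd(text):
    """(line number, finding) for authsrv entries that enable tracing."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        is_authsrv = "authsrv" in map(os.path.basename, fields)
        if is_authsrv and "-T" in fields:
            findings.append((lineno, "-T writes clear text (passwords) to the trace file"))
        elif is_authsrv and "-t" in fields:
            findings.append((lineno, "-t wire trace enabled"))
    return findings

def demo():
    """Both checks on constructed samples; inetd entry and binary path are assumed."""
    samples = (("client1.example.com", "DES 0123456789abcdef\n", 0o600),
               ("client2.example.com", "des  0123456789abcdef\n", 0o644))
    results = []
    with tempfile.TemporaryDirectory() as keys:  # stands in for /etc/authsrv.keys
        for name, body, perms in samples:
            path = os.path.join(keys, name)
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, perms)
            results.append(audit_keyfile(path))
    inetd = "authsrv stream tcp nowait root /usr/libexec/authsrv authsrv -T /tmp/trace\n"
    return results[0], results[1], audit_inetd("# constructed\n" + inetd)
```

On a real host, call audit_keyfile() on each file in /etc/authsrv.keys and
pass the contents of inetd.conf to audit_inetd().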

SEE ALSO
auth(4), auth-keyx(8), login_auth(8)

BSDI BSD/OS                      May 14, 1997