LOGIN_TIS(8) OpenBSD System Manager's Manual LOGIN_TIS(8)NAMElogin_tis - provide TIS Firewall Toolkit authentication type
SYNOPSISlogin_tis [-s service] [-v fd=number] user [class]
DESCRIPTION
The login_tis utility is called by login(1), su(1), ftpd(8), and others
to authenticate the user via the TIS ``Firewall Toolkit'' authentication
server (authsrv), optionally using DES encryption.
The service argument specifies which protocol to use with the invoking
program. The allowed protocols are login, challenge, and response. The
default protocol is login.
The fd argument is used to specify the number of an open file descriptor
connected to authsrv. This allows a persistent connection to be used for
separate challenge and response authentication.
The user argument is the login name of the user to be authenticated.
The class argument is the login class of the user to be authenticated and
is used to look up /etc/login.conf variables (see below). It is also
sent to authsrv for logging purposes. If no class argument is specified,
the class will be obtained from the password database.
login_tis will connect to authsrv and, depending on the desired protocol,
will do one of three things:
login Present user with a challenge, accept a response and report
back to the invoking program whether or not the authentication
was successful.
challenge Return a challenge for user if the user's entry in authsrv
specifies a challenge/response style of authentication.
response Send a response to authsrv and report back to the invoking
program whether or not the server accepted it.
LOGIN.CONF VARIABLES
The login_tis utility uses the following TIS-specific /etc/login.conf
variables:
tis-keyfile Path to a file containing a DES key string to be used for
encrypting communications end to end with authsrv. This
file must not be readable or writable by users other than
root. If no tis-keyfile is specified, communication with
authsrv will be sent in clear text.
tis-port Symbolic name listed in services(5) or port number on
which authsrv listens. Defaults to port 7777.
tis-server Hostname or IP address of the TIS authsrv daemon to
connect to. Defaults to ``localhost''.
tis-server-alt Alternate server to use when the primary is not
reachable.
tis-timeout Number of seconds to wait for a response from authsrv.
Defaults to 15 seconds.
SEE ALSOlogin(1), login.conf(5), services(5), ftpd(8), login_radius(8)OpenBSD 4.9 May 31, 2007 OpenBSD 4.9