provide TIS Firewall Toolkit authentication type
login_tis utility is called by
ftpd(8), and others to
authenticate the user via the TIS “Firewall
Toolkit” authentication server (authsrv),
optionally using DES encryption.
The service argument specifies which
protocol to use with the invoking program. The allowed protocols are
login, challenge, and
response. The default protocol is
The fd argument is used to specify the
number of an open file descriptor connected to authsrv.
This allows a persistent connection to be used for separate
challenge and response
The user argument is the login name of the
user to be authenticated.
The class argument is the login class of the
user to be authenticated and is used to look up
/etc/login.conf variables (see below). It is also
sent to authsrv for logging purposes. If no
class argument is specified, the class will be
obtained from the password database.
login_tis will connect to
authsrv and, depending on the desired protocol, will do
one of three things:
- Present user with a challenge, accept a response and
report back to the invoking program whether or not the authentication was
- Return a challenge for user if the user's entry in
authsrv specifies a challenge/response style of
- Send a response to authsrv and report back to the
invoking program whether or not the server accepted it.
login_tis utility uses the following
TIS-specific /etc/login.conf variables:
- Path to a file containing a DES key string to be used for encrypting
communications end to end with authsrv. This file must
not be readable or writable by users other than root. If no
tis-keyfile is specified, communication with
authsrv will be sent in clear text.
- Symbolic name listed in
services(5) or port
number on which authsrv listens. Defaults to port
- Hostname or IP address of the TIS authsrv daemon to
connect to. Defaults to “localhost”.
- Alternate server to use when the primary is not reachable.
- Number of seconds to wait for a response from authsrv.
Defaults to 15 seconds.