[OpenBSD]

Manual Page Search Parameters
LOGIN_TIS(8) System Manager's Manual LOGIN_TIS(8)

login_tis
provide TIS Firewall Toolkit authentication type

login_tis [-s service] [-v fd=number] user [class]

The login_tis utility is called by login(1), su(1), ftpd(8), and others to authenticate the user via the TIS “Firewall Toolkit” authentication server (authsrv), optionally using DES encryption.

The service argument specifies which protocol to use with the invoking program. The allowed protocols are login, challenge, and response. The default protocol is login.

The fd argument is used to specify the number of an open file descriptor connected to authsrv. This allows a persistent connection to be used for separate challenge and response authentication.

The user argument is the login name of the user to be authenticated.

The class argument is the login class of the user to be authenticated and is used to look up /etc/login.conf variables (see below). It is also sent to authsrv for logging purposes. If no class argument is specified, the class will be obtained from the password database.

login_tis will connect to authsrv and, depending on the desired protocol, will do one of three things:

login
Present user with a challenge, accept a response and report back to the invoking program whether or not the authentication was successful.
challenge
Return a challenge for user if the user's entry in authsrv specifies a challenge/response style of authentication.
response
Send a response to authsrv and report back to the invoking program whether or not the server accepted it.

The login_tis utility uses the following TIS-specific /etc/login.conf variables:
tis-keyfile
Path to a file containing a DES key string to be used for encrypting communications end to end with authsrv. This file must not be readable or writable by users other than root. If no tis-keyfile is specified, communication with authsrv will be sent in clear text.
tis-port
Symbolic name listed in services(5) or port number on which authsrv listens. Defaults to port 7777.
tis-server
Hostname or IP address of the TIS authsrv daemon to connect to. Defaults to “localhost”.
tis-server-alt
Alternate server to use when the primary is not reachable.
tis-timeout
Number of seconds to wait for a response from authsrv. Defaults to 15 seconds.

login(1), login.conf(5), services(5), ftpd(8), login_radius(8)
January 15, 2015 OpenBSD-5.8