NAME

SYNOPSIS

DESCRIPTION

The service argument specifies which protocol to use with the invoking program. The allowed protocols are login, challenge, and response. The default protocol is login.

The fd argument is used to specify the number of an open file descriptor connected to authsrv. This allows a persistent connection to be used for separate challenge and response authentication.

The user argument is the login name of the user to be authenticated.

The class argument is the login class of the user to be authenticated and is used to look up /etc/login.conf variables (see below). It is also sent to authsrv for logging purposes. If no class argument is specified, the class will be obtained from the password database.

login_tis will connect to authsrv and, depending on the desired protocol, will do one of three things:

login

Present user with a challenge, accept a response and report back to the invoking program whether or not the authentication was successful.

challenge

Return a challenge for user if the user's entry in authsrv specifies a challenge/response style of authentication.

response

Send a response to authsrv and report back to the invoking program whether or not the server accepted it.

LOGIN.CONF VARIABLES

tis-keyfile

Path to a file containing a DES key string to be used for encrypting communications end to end with authsrv. This file must not be readable or writable by users other than root. If no tis-keyfile is specified, communication with authsrv will be sent in clear text.

tis-port

Symbolic name listed in services(5) or port number on which authsrv listens. Defaults to port 7777.

tis-server

Hostname or IP address of the TIS authsrv daemon to connect to. Defaults to “localhost”.

tis-server-alt

Alternate server to use when the primary is not reachable.

tis-timeout

Number of seconds to wait for a response from authsrv. Defaults to 15 seconds.

SEE ALSO