one-time password user database
The /etc/skey directory contains user records for the S/Key one-time password authentication system.
Records take the form of files within /etc/skey, where each file is named for the user whose record it contains. For example,
would hold root's S/Key
The mode for /etc/skey should be 01730 and it should be owned by root and group auth. Individual records within /etc/skey should be owned by the user they describe and be mode 0600. To access S/Key records, a process must run as
Each record consists of five lines:
- The name of the user the record describes. This should be the same as the
name of the file.
- The hash type used for this entry; one of md5, sha1, or rmd160. The
default is md5.
- The sequence number. This is a decimal number between one and one
thousand. Each time the user authenticates via S/Key this number is
decremented by one.
- A seed used along with the sequence number and the six S/Key words to
compute the value.
- The value expected from the crunching of the user's seed, sequence number
and the six S/Key words. When the result matches this value,
authentication is considered to have been successful.
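The ownership, mode and record-format rules above can be checked mechanically. The following audit script is an added example, not part of the original manual page or of the S/Key code. The names `check_record`, `audit` and `check_owner` are hypothetical, and the seed and value are only checked for being non-empty because the page does not give their format.

```python
import grp, os, pwd, stat

HASH_TYPES = {"md5", "sha1", "rmd160"}  # hash types the page lists
# Constructed sample record (seed and value are placeholders, not real S/Key data).
SAMPLE = "root\nmd5\n99\nexampleseed1\nCONSTRUCTED-VALUE\n"

def check_record(filename, text):
    """Problems in one record's five lines (name, hash, sequence, seed, value)."""
    lines = [l.strip() for l in text.splitlines()]
    if len(lines) != 5:
        return [f"expected 5 lines, found {len(lines)}"]
    name, hash_type, seq, seed, value = lines
    problems = []
    if name != filename:
        problems.append(f"user {name!r} does not match file name {filename!r}")
    if hash_type not in HASH_TYPES:
        problems.append(f"unknown hash type {hash_type!r}")
    if not (seq.isascii() and seq.isdigit() and 1 <= int(seq) <= 1000):
        problems.append(f"sequence number {seq!r} is not in 1..1000")
    if not seed or not value:
        problems.append("empty seed or value")
    return problems

def _name(lookup, ident, field):
    """Resolve a uid/gid to a name; None if the id has no database entry."""
    try:
        return getattr(lookup(ident), field)
    except KeyError:
        return None

def audit(skey_dir="/etc/skey", check_owner=True):
    """Return a list of 'path: problem' strings; empty means the tree conforms."""
    out = []
    st = os.lstat(skey_dir)
    if not stat.S_ISDIR(st.st_mode) or stat.S_IMODE(st.st_mode) != 0o1730:
        out.append(f"{skey_dir}: not a directory with mode 01730")
    if check_owner and (st.st_uid != 0 or _name(grp.getgrgid, st.st_gid, "gr_name") != "auth"):
        out.append(f"{skey_dir}: not owned by root and group auth")
    for user in sorted(os.listdir(skey_dir)):
        path = os.path.join(skey_dir, user)
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode) or stat.S_IMODE(st.st_mode) != 0o600:
            out.append(f"{path}: not a regular file with mode 0600")
            continue  # do not open symlinks, devices or loosely-permissioned files
        if check_owner and _name(pwd.getpwuid, st.st_uid, "pw_name") != user:
            out.append(f"{path}: not owned by {user}")
        with open(path, encoding="utf-8", errors="replace") as f:
            out += [f"{path}: {p}" for p in check_record(user, f.read())]
    return out
```

Listing /etc/skey requires read permission on the directory, which mode 01730 grants only to its owner, so `audit()` is meant to be run as root.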
Here is a sample /etc/skey file for root: