one-time password user database
The /etc/skey directory contains user records for the
S/Key one-time password authentication system.
Records take the form of files within
/etc/skey where each file is named for the user
whose record it contains. For example,
/etc/skey/root would hold root's S/Key record.
The mode for /etc/skey should be 01730 and
it should be owned by root and group auth. Individual records within
/etc/skey should be owned by the user they describe
and be mode 0600. To access S/Key records, a process must run as group
Each record consists of five lines:
- The name of the user the record describes. This should be the same as the
name of the file.
- The hash type used for this entry; one of md5, sha1, or rmd160. The
default is md5.
- The sequence number. This is a decimal number between one and one
thousand. Each time the user authenticates via S/Key this number is
decremented by one.
- A seed used along with the sequence number and the six S/Key words to
compute the value.
- The value expected from the crunching of the user's seed, sequence number
and the six S/Key words. When the result matches this value,
authentication is considered to have been successful.
Here is a sample /etc/skey file for root:
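The ownership, mode and record-layout rules described on this page can be checked mechanically. The Python script below is an added example, not part of the original manual page; the function names are hypothetical, and it assumes the sequence range is inclusive and that seed and value only need to be non-empty.

```python
import grp, os, pwd, stat

HASH_TYPES = {"md5", "sha1", "rmd160"}  # hash types listed on this page

def check_record_text(filename, text):
    """Check the five-line record layout; return a list of problems."""
    lines = text.splitlines()
    if len(lines) != 5:
        return [f"{filename}: {len(lines)} lines, expected 5"]
    user, hash_type, seq, seed, value = (l.strip() for l in lines)
    problems = []
    if user != filename:
        problems.append(f"{filename}: record names user {user!r}")
    if hash_type not in HASH_TYPES:
        problems.append(f"{filename}: unknown hash type {hash_type!r}")
    if not (seq.isdecimal() and 1 <= int(seq) <= 1000):
        problems.append(f"{filename}: sequence {seq!r} not in 1..1000")
    if not seed or not value:
        problems.append(f"{filename}: empty seed or value")
    return problems

def check_mode(path, expected):
    """Compare permission bits (including sticky/setid) with expected."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    return [] if mode == expected else [f"{path}: mode {mode:04o}, expected {expected:04o}"]

def _name(lookup, ident):
    """Resolve a uid/gid to a name; fall back to the number if unknown."""
    try:
        return lookup(ident)[0]
    except KeyError:
        return str(ident)

def audit(skey_dir="/etc/skey"):
    """Audit the directory and every record in it; return all problems."""
    st = os.lstat(skey_dir)
    problems = check_mode(skey_dir, 0o1730)
    if _name(pwd.getpwuid, st.st_uid) != "root" or _name(grp.getgrgid, st.st_gid) != "auth":
        problems.append(f"{skey_dir}: should be owned by root, group auth")
    for entry in sorted(os.listdir(skey_dir)):
        path = os.path.join(skey_dir, entry)
        problems += check_mode(path, 0o600)
        if _name(pwd.getpwuid, os.lstat(path).st_uid) != entry:
            problems.append(f"{path}: not owned by user {entry}")
        with open(path) as fh:
            problems += check_record_text(entry, fh.read())
    return problems

if __name__ == "__main__":
    print("\n".join(audit()) or "no problems found")
```

Run it as root: mode 01730 gives the group no read permission on the directory, so only the owner can list the records.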