password user database
directory contains user records for
the S/Key one-time password authentication system.
Records take the form of files within /etc/skey
where each file is named for the user whose record it contains. For example,
would hold root's S/Key record.
The mode for /etc/skey
should be 01730 and it
should be owned by root and group auth. Individual records within
should be owned by the user they
describe and be mode 0600. To access S/Key records, a process must run as
Each record consists of five lines:
- The name of the user the record describes. This should be
the same as the name of the file.
- The hash type used for this entry; one of md5, sha1, or
rmd160. The default is md5.
- The sequence number. This is a decimal number between one
and one thousand. Each time the user authenticates via S/Key this number
is decremented by one.
- A seed used along with the sequence number and the six
S/Key words to compute the value.
- The value expected from the crunching of the user's seed,
sequence number and the six S/Key words. When the result matches this
value, authentication is considered to have been successful.
Here is a sample /etc/skey
file for root: