author | sheldonh <sheldonh@FreeBSD.org> | 2000-03-02 09:14:21 +0000 |
---|---|---|
committer | sheldonh <sheldonh@FreeBSD.org> | 2000-03-02 09:14:21 +0000 |
commit | 329223e6f229a55ee8fed800f358f30e994ed749 (patch) | |
tree | 5d5e6c715ccfb778a29f10e1ea16f06731edbda8 /lib/libskey | |
parent | 05f0a865546b5e0b902987be72a75a7b0ef85d09 (diff) | |
Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
Diffstat (limited to 'lib/libskey')
-rw-r--r-- | lib/libskey/skey.1 | 9 | ||||
-rw-r--r-- | lib/libskey/skey.access.5 | 18 |
2 files changed, 18 insertions, 9 deletions
diff --git a/lib/libskey/skey.1 b/lib/libskey/skey.1 index 6038d61..8ab4ac7 100644 --- a/lib/libskey/skey.1 +++ b/lib/libskey/skey.1 @@ -11,8 +11,10 @@ S/key \- A procedure to use one time passwords for accessing computer systems. .SH DESCRIPTION .I S/key is a procedure for using one time password to authenticate access to -computer systems. It uses 64 bits of information transformed by the -MD4 algorithm. The user supplies the 64 bits in the form of 6 English +computer systems. +It uses 64 bits of information transformed by the +MD4 algorithm. +The user supplies the 64 bits in the form of 6 English words that are generated by a secure computer. Example use of the S/key program .I key @@ -28,7 +30,8 @@ Example use of the S/key program > .sp The programs that are part of the S/Key system are keyinit, key, and -keyinfo. Keyinit is used to get your ID set up, key is +keyinfo. +Keyinit is used to get your ID set up, key is used to get the one time password each time, keyinfo is used to extract information from the S/Key database. .sp diff --git a/lib/libskey/skey.access.5 b/lib/libskey/skey.access.5 index caeb56d..400227e 100644 --- a/lib/libskey/skey.access.5 +++ b/lib/libskey/skey.access.5 @@ -33,12 +33,15 @@ where .I permit and .I deny -may be followed by zero or more conditions. Comments begin with a `#\' +may be followed by zero or more conditions. +Comments begin with a `#\' character, and extend through the end of the line. Empty lines or lines with only comments are ignored. .PP -A rule is matched when all conditions are satisfied. A rule without -conditions is always satisfied. For example, the last entry could +A rule is matched when all conditions are satisfied. +A rule without +conditions is always satisfied. +For example, the last entry could be a line with just the word .I deny on it. 
@@ -102,7 +105,8 @@ use network software that discards source routing information (e.g. a tcp wrapper). .PP Almost every network server must look up the client host name using the -client network address. The next obvious attack therefore is: +client network address. +The next obvious attack therefore is: .IP "Host name spoofing (bad PTR record)" An intruder manipulates the name server system so that the client network address resolves to the name of a trusted host. Given the @@ -115,7 +119,8 @@ network software that verifies that the hostname resolves to the client network address (e.g. a tcp wrapper). .PP Some applications, such as the UNIX login program, must look up the -client network address using the client host name. In addition to the +client network address using the client host name. +In addition to the previous two attacks, this opens up yet another possibility: .IP "Host address spoofing (extra A record)" An intruder manipulates the name server system so that the client host @@ -125,7 +130,8 @@ Remedies: (1) do not permit UNIX passwords with network logins; (2) the skeyaccess() routines ignore network addresses that appear to belong to someone else. .SH DIAGNOSTICS -Syntax errors are reported to the syslogd. When an error is found +Syntax errors are reported to the syslogd. +When an error is found the rule is skipped. .SH FILES /etc/skey.access, password control table |
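Review bot: In the first skey.1 hunk (@@ -11,8 +11,10 @@) the unchanged context line "words that are generated by a secure computer. Example use of the S/key program" still ends a sentence mid-line, and the same holds for "character, and extend through the end of the line. Empty lines or" and "network address resolves to the name of a trusted host. Given the" in the skey.access.5 hunks. If these are the same kind of break the log message describes, split them here too so the cleanup covers both files completely; if they were left on purpose because they are a different case, say so in the log message.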
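Review bot: In the skey.access.5 hunk at @@ -33,12 +33,15 @@ the split leaves "A rule without" stranded on a line of its own ahead of "conditions is always satisfied.", and the skey.1 hunk at @@ -11,8 +11,10 @@ does the same with "MD4 algorithm.". Since these lines are already being touched, join each sentence onto a single source line, for example "A rule without conditions is always satisfied."; roff fills the text either way, so the typeset output is unchanged and the source keeps one sentence per line.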