From b4dd89037bb7c6ccd45eb36e21d058671e6454c5 Mon Sep 17 00:00:00 2001 From: jkoshy Date: Mon, 18 May 1998 09:36:31 +0000 Subject: Add warning about interaction of S/Key and login(1) for users without S/Key passwords attempting to invoke login(1) on a pty. PR: 3289 --- lib/libskey/skey.access.5 | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'lib/libskey') diff --git a/lib/libskey/skey.access.5 b/lib/libskey/skey.access.5 index 2e12ad1..9fff8f9 100644 --- a/lib/libskey/skey.access.5 +++ b/lib/libskey/skey.access.5 @@ -76,6 +76,15 @@ For the sake of backwards compatibility, the .I internet keyword may be omitted from net/mask patterns. .SH WARNINGS +When the S/Key control table (\fI/etc/skey.access\fR) +exists, users without S/Key passwords will be able to login only +where its rules allow the use of UNIX passwords. In particular, this +means that an invocation of \fIlogin(1)\fR in a pseudo-tty (e.g. from +within \fIxterm(1)\fR or \fIscreen(1)\fR) will be treated as a login +that is neither from the console nor from the network, mandating the use +of an S/Key password. Such an invocation of \fIlogin(1)\fR will necessarily +fail for those users who do not have an S/Key password. +.PP Several rule types depend on host name or address information obtained through the network. What follows is a list of conceivable attacks to force the system to permit UNIX passwords. -- cgit v1.1
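Review bot: The added WARNINGS paragraph ends by stating that login(1) on a pseudo-tty "will necessarily fail for those users who do not have an S/Key password", but it gives the administrator no remedy. Consider adding a sentence that says what to do, either giving those users S/Key passwords or pointing at whichever rule form, if any, permits UNIX passwords for a login that is "neither from the console nor from the network". Two smaller points in the same paragraph: "will be able to login only" uses "login" as a verb and should read "log in", and the inline \fI...\fR escapes differ from the ".I internet" macro style visible in the context lines just above the hunk, so using the file's macro form for /etc/skey.access, login(1), xterm(1) and screen(1) would keep the source consistent.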