shithub: tlsclient

ref: 7b6722df5d44de56329d2e4cfb0152c4397c945f
parent: f208e59263d823ebdd8f4160825be3de63556a10
author: Jacob Moody <moody@posixcafe.org>
date: Sun Sep 5 05:50:29 EDT 2021

doc tidy

--- a/README
+++ b/README
@@ -27,16 +27,41 @@
 	not have PSK cipher suites. Tweak Make.config as required. Openssl is
 	only used for tlsclient and rcpu, login_-dp9ik does not require it.
 
+OpenBSD Authentication:
+	Build:
+		# Modify "char *authserver" in bsd.c to specify a default auth server
+		$ make login_-dp9ik
+	Testing:
+		./login_-dp9ik -d -v authserver="my.auth.server"
+		# you will see authenticate/reject print out on stdout
+		# for success/failure.
+	Install:
+		$ cp login_-dp9ik /usr/libexec/auth/
+	Config:
+		Modify the auth-defaults line of /etc/login.conf
+		to use the new executable. This will look something like:
 
-Configuring pam authentication:
-	Many systems configure PAM differently so defer to your OS
-	documentation for where to store pam_p9.so and which pam
-	configuration needs to be changed. Pam_p9.so accepts
-	a single argument within the pam configuration, that being
-	the auth server to use. Something akin to the following
-	should work as additions to a pam configuration.
+		auth-defaults:auth=-dp9ik,passwd,skey:
+	Notes:
+		OpenBSD requires that all users regardless of
+		authentication mechanism exist in /etc/passwd.
+		OpenBSD does not retry with other mechanisms
+		if one sends a rejection, this means all
+		users(including root) must exist within the
+		auth server.
 
-	auth sufficent pam_p9.so flan
-	account sufficent pam_p9.so flan
+PAM Authentication:
+	Build:
+		$ make pam_p9.so
+	Install and Config:
+		Many systems configure PAM differently so defer to your OS
+		documentation for where to store pam_p9.so and which pam
+		configuration needs to be changed. Pam_p9.so accepts
+		a single argument within the pam configuration, that being
+		the auth server to use. Something akin to the following
+		should work as additions to a pam configuration.
+
+		auth sufficent pam_p9.so flan
+		account sufficent pam_p9.so flan
 	
-	With flan being the hostname or ip of the desired auth server.
+		With "flan" being the hostname or ip of the desired auth server.
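Review bot: The PAM control flag in the two example lines under "Install and Config" is spelled "sufficent", but PAM's keyword is "sufficient", so a reader who copies `auth sufficent pam_p9.so flan` or `account sufficent pam_p9.so flan` verbatim ends up with an invalid control value in their PAM configuration. The typo is carried over from the removed lines; since this change already re-indents them, fix the spelling here. Two smaller points in the OpenBSD section: the Testing command has no `$` prompt while the Build and Install commands do, and the Notes state that a rejection is final and that all users, root included, must exist in the auth server, so it would be worth saying in the Config step that the Testing step should pass before the auth-defaults line in /etc/login.conf is changed.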