Recognize alternate authentication mechanisms

Author: name contact BSD flavour

Reviewer: name contact BSD flavour

Reviewer: name contact BSD flavour


Concept

Understand basic authentication theory and be aware that providing a username and password is only one way to authenticate on BSD systems. Have a basic understanding of PAM and know it is available on DragonFly, FreeBSD and NetBSD 3.x. Also understand basic theory regarding Kerberos, OTP and RADIUS. (Note: The BSDA candidate is not expected to know how to configure an alternate authentication mechanism.)

Introduction

The Pluggable Authentication Modules (PAM)(((PAM))) framework is a set of libraries that perform authentication tasks on behalf of services and applications.

The Kerberos system authenticates individual users in a network environment.

One-time passwords (OTP)(((OTP))) are another method of authenticating to a system. skey(1) is an OTP authentication system available on NetBSD, OpenBSD and DragonFlyBSD. FreeBSD uses OPIE(4), One-time Passwords In Everything.

The Remote Authentication Dial In User Service (RADIUS)(((RADIUS))), defined in RFCs 2865 and 2866, allows clients to perform authentication and accounting by means of network requests to remote servers.

Examples
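
As an added illustration (not part of the original study guide): on the BSDs that ship PAM, Kerberos, OTP and RADIUS can be plugged in as modules in a service's `auth` stack, so reading the stack shows which mechanisms a service accepts. The sample file below is constructed, and the mapping from module name to mechanism is this example's own labelling.

```python
import os

# Module names as shipped in FreeBSD/NetBSD base systems; the mechanism
# labels on the right are this example's own wording (an assumption).
MECHANISMS = {
    "pam_unix": "local password",
    "pam_krb5": "Kerberos",
    "pam_opie": "OTP (OPIE)",
    "pam_opieaccess": "OTP (OPIE)",
    "pam_skey": "OTP (S/Key)",
    "pam_radius": "RADIUS",
}

# Constructed sample, laid out like a file under /etc/pam.d.
SAMPLE = """\
auth  sufficient  pam_opie.so        no_warn no_fake_prompts
auth  requisite   pam_opieaccess.so  no_warn allow_local
#auth sufficient  pam_krb5.so        no_warn try_first_pass
auth  sufficient  pam_radius.so      no_warn \\
                                     try_first_pass
auth  required    pam_unix.so        no_warn try_first_pass
account required  pam_unix.so
session required  pam_permit.so
"""

def auth_stack(text):
    """Return (control, module, mechanism) for each active auth rule, in order."""
    rules = []
    # A trailing backslash continues a rule onto the next line.
    for line in text.replace("\\\n", " ").splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 3 or fields[0] != "auth":
            continue                             # blank, malformed or other facility
        control, target = fields[1], fields[2]
        if control == "include":                 # rules live in another service file
            rules.append((control, target, "included service"))
            continue
        module = os.path.basename(target).split(".so")[0]  # strip path and .so suffix
        rules.append((control, module, MECHANISMS.get(module, "other")))
    return rules

def alternate_mechanisms(text):
    """Mechanisms in the auth stack other than the local password database."""
    found = {mech for _, _, mech in auth_stack(text)}
    return sorted(found - {"local password", "other", "included service"})

if __name__ == "__main__":
    for rule in auth_stack(SAMPLE):
        print("%-11s %-15s %s" % rule)
    print("alternate:", ", ".join(alternate_mechanisms(SAMPLE)))
```

The commented-out `pam_krb5.so` line is ignored, so Kerberos is not reported for this sample even though the module name appears in the file.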

Practice Exercises

More information