SecureNet Key (SNK) card access support for logdaemon

by William LeFebvre, Argonne National Laboratory

The files in this directory were written to augment the logdaemon
package with support for the Digital Pathways SecureNet Key access
cards.  The layout of the functions is very similar to the support for
S/Key.  These files are designed to be used with logdaemon version 4.8
and later.

The support package requires some implementation of the DES functions
"des_set_key" and "des_ecb_encrypt".  For development work, I used the
package libdes written by Eric Young (eay@psych.psy.uq.oz.au).

DES is NOT INCLUDED with this software.  You have to go get it on your
own.  The Makefile in this directory expects to find a sibling
directory ../des and expects that running make in that directory will
create "libdes.a".

There are two data files associated with SNK authentication:
/etc/snkcards and /etc/snkkeys.  The file snkcards assigns an SNK
serial number to each user who is "SNK-capable".  Each line in
snkcards defines one such association.  The file snkkeys defines the
DES key for each card and should be kept readable only by root.  The
lookup process first consults snkcards to determine a serial number
for the user in question, then consults snkkeys to find the DES key
for that user.  Look in this directory for examples of these two
files.
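
A host-side check for the rule above that snkkeys be readable only by
root, as an added example that is not part of logdaemon.  The function
and constant names are made up for illustration; only the path
/etc/snkkeys comes from this README.

```c
#define _XOPEN_SOURCE 700            /* for lstat() and the S_IF* macros */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

#define SNK_KEYS_PATH "/etc/snkkeys" /* path named in this README */

/* Finding bits (hypothetical names); 0 means the file passes. */
#define KF_MISSING   0x01  /* lstat() failed: absent or unreachable */
#define KF_NOT_REG   0x02  /* symlink, directory, device, ... */
#define KF_BAD_OWNER 0x04  /* not owned by the expected uid */
#define KF_GRP_OTHER 0x08  /* some group/other permission bit is set */

/* Policy on values taken from struct stat, kept separate so it can be
 * exercised without creating root-owned files. */
int snk_keyfile_findings(mode_t mode, uid_t owner, uid_t want_owner)
{
    int f = 0;

    if (!S_ISREG(mode))
        f |= KF_NOT_REG;
    if (owner != want_owner)
        f |= KF_BAD_OWNER;
    if (mode & (S_IRWXG | S_IRWXO))  /* 0600 and 0400 pass, 0640 does not */
        f |= KF_GRP_OTHER;
    return f;
}

/* lstat() rather than stat(), so a symlink is reported, not followed. */
int snk_keyfile_check(const char *path, uid_t want_owner)
{
    struct stat st;

    if (lstat(path, &st) != 0)
        return KF_MISSING;
    return snk_keyfile_findings(st.st_mode, st.st_uid, want_owner);
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : SNK_KEYS_PATH;
    int f = snk_keyfile_check(path, 0);          /* uid 0 is root */

    if (f & KF_MISSING)   printf("%s: cannot stat\n", path);
    if (f & KF_NOT_REG)   printf("%s: not a regular file\n", path);
    if (f & KF_BAD_OWNER) printf("%s: not owned by root\n", path);
    if (f & KF_GRP_OTHER) printf("%s: group/other access bits set\n", path);
    return f ? 1 : 0;
}
```

The exit status is nonzero on any finding, so the check can be run on
each host after the master snkkeys file has been distributed.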

The lookup software will also consult the NIS map snkcards.byname if
it cannot locate an entry for the user in snkcards.  HOWEVER, there is
NO NIS map equivalent for snkkeys.  The idea is that you order your
cards in batches, then with each batch you receive you assign the
cards DES keys, simultaneously programming the cards and building the
snkkeys file.  Then you go through the hassle of distributing the
master snkkeys file to all the affected hosts.  Once this is in place,
issuing a specific card to an individual user is easy if you use NIS
to distribute the snkcards file among your hosts.  Also note that a
card is worthless for validation purposes unless its serial number
appears in snkcards.

Here is a description of the files in the current directory:

rand.c		defines the function "randomnumber" using whatever
		method is appropriate for the operating system

snk.c		basic support functions, "snk_verify"

snk.h		defines interface for accessing snk information
		stored in /etc/snkcards and /etc/snkkeys (also includes
		support for accessing YP map snkcards.byname)

snk_crypt.c	defines function snk_crypt

snk_encrypt.c	defines snk_encrypt, the lowest level encryption function:
		this interfaces directly with the des library

snk_ftp.c	defines "snk_ftpprompt", a function for formatting an
		appropriate prompt response for ftpd to use when
		responding to a "user" command.

snk_getpass.c	defines "snk_getpass", the function that reads passwords
		for login

snkaccess.c	interface to /etc/snk.access file (virtually identical
		to skeyaccess)

snkcards	example snkcards file

snkfiles.c	get* functions for getting information from /etc/snkcards
		and /etc/snkkeys (and YP map snkcards.byname)

snkkey.c	standalone program for generating SNK keys

snkkeys		example snkkeys file

*.1		man pages
*.5		man pages
