NOTE: The 'idpb.a.uue'  file is a uuencoded library for Enigma Logic. Use
      uudecode to create the 'idpb.a' C library.

Introduction
============

This directory contains sample code showing how to build an authentication
program for use with the XTACACS daemon. The sample program acts
as the liaison between the XTACACS world and the tokencard
authentication system.

The example here illustrates the use of the Enigma Logic Inc. Safeword
system, which is currently marketed as an end-to-end system for
various platforms (IBM mainframe to PC). One nice feature of Enigma's
system is its independence from the type (and brand) of tokencard you
use.

Special Instructions
====================


Thanks to the folks at Enigma, this example is pretty much complete.
Ensure that the file /etc/.safeword is defined for your system and contains
the following line:

	IDDIR=/users/enigma/safelog

This indicates to any program using the Enigma Logic API where you
keep Safeword's database files (those ending in .enc).


Overview
========

The following is a (simplistic) overview of what happens when a tokencard
authentication request is made. Here the user is logging into a Communication
Server, a Cisco product that can speak the XTACACS protocol:

1) The user logs into the Communication Server using his given username "user"
   and uses a TokenCard to generate a password, "password".

2) The Communication Server makes an XTACACS request to authenticate "user"
   with password "password". The request is sent to the xtacacs server
   configured for that Communication Server (or list of xtacacs servers...)

3) The xtacacs server receives the authentication request, and starts
   scanning the password file(s) defined in the config file for the entry
   for "user". Once a match is found, and if and only if the xtacacs daemon
   is running with the "-t" option, the password field for entry "user" is
   looked at. If the password field for entry "user" matches the keyword
   "tokencard" (a user-defined option), then the stub program is called (also
   a user-defined option) with the parameters "user" and "password" as 
   arguments.

4) The stub program is called with "user" and "password" as arguments. It uses
   its magic to determine whether that user has entered the correct password
   using his tokencard. If authentication is successful, the stub-program
   returns a 1, otherwise 0 for failure.

5) The xtacacs server receives a "1" for success from the stub-program. This
   is reflected back to the user by a successful authentication reply
   to the communication server.
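
The hand-off in steps 3 to 5, as an added example that is not code from the
xtacacs daemon or from Enigma Logic. It assumes the daemon runs the stub as a
child process and reads the 1/0 result from its exit status; `run_stub` is a
hypothetical name.

```c
/* Added example: daemon-side call of the tokencard stub (steps 3-5).
 * Not the xtacacs daemon's code; run_stub() is a hypothetical name. */
#include <errno.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 only when the stub exits normally with status 1 (the
 * README's "success"); every other outcome is treated as failure. */
int run_stub(const char *stub_path, const char *user, const char *password)
{
    pid_t pid;
    int status;

    if (stub_path == NULL || user == NULL || password == NULL)
        return 0;

    pid = fork();
    if (pid < 0)
        return 0;                       /* cannot fork: fail closed */

    if (pid == 0) {
        /* execv() passes the strings as argv[1] and argv[2] verbatim.
         * No shell is involved, so metacharacters in a username or
         * password received from the network are never interpreted. */
        char *const argv[] = {
            (char *)stub_path, (char *)user, (char *)password, NULL
        };
        execv(stub_path, argv);
        _exit(127);                     /* exec failed: not status 1 */
    }

    /* Wait for the child, retrying if a signal interrupts the wait. */
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return 0;
    }

    /* Note the inverted convention: 1 means authenticated, 0 means
     * rejected. A crash, a kill signal or any other exit code must
     * not be mistaken for success. */
    return WIFEXITED(status) && WEXITSTATUS(status) == 1;
}
```

The password is passed in argv as the overview describes, so on most Unix
systems it is visible in the process listing while the stub runs.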


Acknowledgements
================


* Thanks to the folks at Enigma Logic for providing much of the code, 
  especially Tom Brady, tbrady@netcom.com.


