===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/skeyinit/skeyinit.1,v
retrieving revision 1.32
retrieving revision 1.33
diff -c -r1.32 -r1.33
*** src/usr.bin/skeyinit/skeyinit.1	2005/07/14 19:27:18	1.32
--- src/usr.bin/skeyinit/skeyinit.1	2005/08/03 09:20:30	1.33
***************
*** 1,4 ****
! .\"	$OpenBSD: skeyinit.1,v 1.32 2005/07/14 19:27:18 jmc Exp $
  .\"	$NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
  .\"	@(#)skeyinit.1	1.1 	10/28/93
  .\"
--- 1,4 ----
! .\"	$OpenBSD: skeyinit.1,v 1.33 2005/08/03 09:20:30 jmc Exp $
  .\"	$NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
  .\"	@(#)skeyinit.1	1.1 	10/28/93
  .\"
***************
*** 24,30 ****
  initializes the system so you can use S/Key one-time passwords to log in.
  The program will ask you to enter a secret passphrase which is used by
  .Xr skey 1
! to generate one-time passwords;
  enter a phrase of several words in response.
  After the S/Key database
  has been updated you can log in using either your regular password
--- 24,30 ----
  initializes the system so you can use S/Key one-time passwords to log in.
  The program will ask you to enter a secret passphrase which is used by
  .Xr skey 1
! to generate one-time passwords:
  enter a phrase of several words in response.
  After the S/Key database
  has been updated you can log in using either your regular password
***************
*** 44,52 ****
  .Pp
  Before initializing an S/Key entry, the user must authenticate
  using either a standard password or an S/Key challenge.
! To use a one-time password for initial authentication, the
! .Dq Fl a Li skey
! option can be used.
  The user will then be presented with the standard
  S/Key challenge and allowed to proceed if it is correct.
  .Pp
--- 44,52 ----
  .Pp
  Before initializing an S/Key entry, the user must authenticate
  using either a standard password or an S/Key challenge.
! To use a one-time password for initial authentication,
! .Ic skeyinit -a skey
! can be used.
  The user will then be presented with the standard
  S/Key challenge and allowed to proceed if it is correct.
  .Pp
***************
*** 68,74 ****
  The options are as follows:
  .Bl -tag -width Ds
  .It Fl a Ar auth-type
! Specify an authentication type such as
  .Dq krb5 ,
  .Dq passwd ,
  or
--- 68,76 ----
  The options are as follows:
  .Bl -tag -width Ds
  .It Fl a Ar auth-type
! Before an S/Key entry can be initialised,
! the user must authenticate themselves to the system.
! This option allows the authentication type to be specified, such as
  .Dq krb5 ,
  .Dq passwd ,
  or
***************
*** 104,110 ****
  .It Fl r
  Removes the user's S/Key entry.
  .It Fl s
! Set secure mode where the user is expected to have used a secure
  machine to generate the first one-time password.
  Without the
  .Fl s
--- 106,113 ----
  .It Fl r
  Removes the user's S/Key entry.
  .It Fl s
! Secure mode.
! The user is expected to have already used a secure
  machine to generate the first one-time password.
  Without the
  .Fl s
***************
*** 114,133 ****
  .Fl s
  option also allows one to set the seed and count for complete
  control of the parameters.
! You can use
! .Ic skeyinit -s
! in combination with the
! .Nm skey
! command to set the seed and count if you do not like the defaults.
! To do this run
! .Nm
! in one window and put in your count and seed, then run
! .Nm skey
! in another window to generate the correct 6 English words for that
! count and seed.
! You can then "cut-and-paste" or type the words into the
! .Nm
! window.
  When the
  .Fl s
  option is specified,
--- 117,123 ----
  .Fl s
  option also allows one to set the seed and count for complete
  control of the parameters.
! .Pp
  When the
  .Fl s
  option is specified,
***************
*** 137,147 ****
  If a user has no entry in the S/Key database, an alternate authentication
  type must be specified via the
  .Fl a
! option.
  Please note that entering a password or passphrase in plain text
  defeats the purpose of using
  .Dq secure
  mode.
  .It Fl x
  Displays one-time passwords in hexadecimal instead of ASCII.
  .It Ar user
--- 127,153 ----
  If a user has no entry in the S/Key database, an alternate authentication
  type must be specified via the
  .Fl a
! option
! (see above).
  Please note that entering a password or passphrase in plain text
  defeats the purpose of using
  .Dq secure
  mode.
+ .Pp
+ You can use
+ .Ic skeyinit -s
+ in combination with the
+ .Nm skey
+ command to set the seed and count if you do not like the defaults.
+ To do this run
+ .Ic skeyinit -s
+ in one window and put in your count and seed, then run
+ .Xr skey 1
+ in another window to generate the correct 6 English words for that
+ count and seed.
+ You can then "cut-and-paste" or type the words into the
+ .Nm
+ window.
  .It Fl x
  Displays one-time passwords in hexadecimal instead of ASCII.
  .It Ar user