Annotation of src/usr.bin/skeyinit/skeyinit.1, Revision 1.11
1.11 ! millert 1: .\" $OpenBSD: skeyinit.1,v 1.10 1997/07/17 05:48:40 millert Exp $
1.1 deraadt 2: .\" $NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
3: .\" @(#)skeyinit.1 1.1 10/28/93
4: .\"
1.11 ! millert 5: .Dd February 24, 1998
1.1 deraadt 6: .Dt SKEYINIT 1
1.8 michaels 7: .Os
1.1 deraadt 8: .Sh NAME
1.7 millert 9: .Nm skeyinit
1.1 deraadt 10: .Nd change password or add user to S/Key authentication system.
11: .Sh SYNOPSIS
12: .Nm skeyinit
13: .Op Fl s
1.2 deraadt 14: .Op Fl z
1.9 millert 15: .Op Fl n Ar count
1.1 deraadt 16: .Op Ar user
17: .Sh DESCRIPTION
18: .Nm skeyinit
1.7 millert 19: initializes the system so you can use S/Key one-time passwords
20: to login. The program will ask you to enter a secret pass phrase;
21: enter a phrase of several words in response. After the S/Key database
22: has been updated you can login using either your regular password
23: or using S/Key one-time passwords.
24: .Pp
25: .Nm skeyinit
26: requires you to type a secret password, so it should be used
27: only on a secure terminal. For example, on the console of a
28: workstation or over an encrypted network session. If you are
29: using
30: .Nm skeyinit
31: while logged in over an untrusted network, follow the instructions
32: given below with the
33: .Fl s
34: option.
35: .Pp
36: Before initializing an S/Key entry, the user must authenticate
37: using either a standard password or an S/Key challenge. When used
38: over an untrusted network, a password of
39: .Sq s/key
40: should be used. The user will then be presented with the standard
41: S/Key challenge and allowed to proceed if it is correct.
1.1 deraadt 42: .Sh OPTIONS
1.11 ! millert 43: .Bl -tag -width XXXXXXX
1.4 millert 44: .It Fl x
1.7 millert 45: Displays pass phrase in hexidecimal instead of ASCII.
1.1 deraadt 46: .It Fl s
1.7 millert 47: Set secure mode where the user is expected to have used a secure
48: machine to generate the first one time password. Without the
49: .Fl s
50: the system will assume you are direct connected over secure
51: communications and prompt you for your secret password. The
52: .Fl s
53: option also allows one to set the seed and count for complete
54: control of the parameters. You can use
55: .Dq skeyinit -s
56: in combination with the
1.1 deraadt 57: .Nm skey
1.7 millert 58: command to set the seed and count if you do not like the defaults.
59: To do this run
60: .Nm skeyinit
61: in one window and put in your count and seed, then run
62: .Nm skey
63: in another window to generate the correct 6 english words for that
64: count and seed. You can then "cut-and-paste" or type the words into the
65: .Nm skeyinit
66: window.
1.2 deraadt 67: .It Fl z
1.7 millert 68: Allows the user to zero their S/Key entry.
1.9 millert 69: .It Fl n Ar count
70: Start the
71: .Nm skey
72: sequence at
73: .Ar count
74: (default is 100).
1.5 millert 75: .It Fl md4
76: Selects MD4 as the hash algorithm.
77: .It Fl md5
78: Selects MD5 as the hash algorithm.
79: .It Fl sha1
1.6 millert 80: Selects SHA (NIST Secure Hash Algorithm Revision 1) as the hash algorithm.
1.10 millert 81: .It Fl rmd160
82: Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm.
1.1 deraadt 83: .It Ar user
1.7 millert 84: The username to be changed/added. By default the current user is
1.1 deraadt 85: operated on.
1.11 ! millert 86: .Sh ERRORS
! 87: .Bl -tag -width "skey disabled"
! 88: .It skey disabled
! 89: .Pa /etc/skeykeys
! 90: does not exist. It must be created by the superuser in order to use
! 91: .Nm skeyinit .
1.1 deraadt 92: .Sh FILES
93: .Bl -tag -width /etc/skeykeys
94: .It Pa /etc/skeykeys
95: data base of information for S/Key system.
96: .Sh SEE ALSO
97: .Xr skey 1
98: .Sh AUTHORS
99: Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin