Annotation of src/usr.bin/skeyinit/skeyinit.1, Revision 1.14
1.14 ! aaron 1: .\" $OpenBSD: skeyinit.1,v 1.13 1998/09/27 20:24:31 aaron Exp $
1.1 deraadt 2: .\" $NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
3: .\" @(#)skeyinit.1 1.1 10/28/93
4: .\"
1.11 millert 5: .Dd February 24, 1998
1.1 deraadt 6: .Dt SKEYINIT 1
1.8 michaels 7: .Os
1.1 deraadt 8: .Sh NAME
1.7 millert 9: .Nm skeyinit
1.14 ! aaron 10: .Nd change password or add user to S/Key authentication system
1.1 deraadt 11: .Sh SYNOPSIS
12: .Nm skeyinit
13: .Op Fl s
1.2 deraadt 14: .Op Fl z
1.9 millert 15: .Op Fl n Ar count
1.1 deraadt 16: .Op Ar user
17: .Sh DESCRIPTION
18: .Nm skeyinit
1.7 millert 19: initializes the system so you can use S/Key one-time passwords
20: to log in. The program will ask you to enter a secret pass phrase;
21: enter a phrase of several words in response. After the S/Key database
22: has been updated you can log in using either your regular password
23: or using S/Key one-time passwords.
24: .Pp
25: .Nm skeyinit
26: requires you to type a secret password, so it should be used
27: only on a secure terminal, for example on the console of a
28: workstation or over an encrypted network session. If you are
29: using
30: .Nm skeyinit
31: while logged in over an untrusted network, follow the instructions
32: given below with the
33: .Fl s
34: option.
35: .Pp
36: Before initializing an S/Key entry, the user must authenticate
37: using either a standard password or an S/Key challenge. When used
38: over an untrusted network, a password of
39: .Sq s/key
40: should be used. The user will then be presented with the standard
41: S/Key challenge and allowed to proceed if it is correct.
1.1 deraadt 42: .Sh OPTIONS
1.11 millert 43: .Bl -tag -width XXXXXXX
1.4 millert 44: .It Fl x
1.12 aaron 45: Displays pass phrase in hexadecimal instead of ASCII.
1.1 deraadt 46: .It Fl s
1.7 millert 47: Set secure mode where the user is expected to have used a secure
1.12 aaron 48: machine to generate the first one-time password. Without the
1.7 millert 49: .Fl s
1.12 aaron 50: option the system will assume you are directly connected over secure
1.7 millert 51: communications and prompt you for your secret password. The
52: .Fl s
53: option also allows one to set the seed and count for complete
54: control of the parameters. You can use
55: .Dq skeyinit -s
56: in combination with the
1.1 deraadt 57: .Nm skey
1.7 millert 58: command to set the seed and count if you do not like the defaults.
59: To do this run
60: .Nm skeyinit
61: in one window and put in your count and seed, then run
62: .Nm skey
1.13 aaron 63: in another window to generate the correct 6 English words for that
1.7 millert 64: count and seed. You can then "cut-and-paste" or type the words into the
65: .Nm skeyinit
66: window.
1.2 deraadt 67: .It Fl z
1.7 millert 68: Allows the user to zero their S/Key entry.
1.9 millert 69: .It Fl n Ar count
70: Start the
71: .Nm skey
72: sequence at
73: .Ar count
74: (default is 100).
1.5 millert 75: .It Fl md4
76: Selects MD4 as the hash algorithm.
77: .It Fl md5
78: Selects MD5 as the hash algorithm.
79: .It Fl sha1
1.6 millert 80: Selects SHA (NIST Secure Hash Algorithm Revision 1) as the hash algorithm.
1.10 millert 81: .It Fl rmd160
82: Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm.
1.1 deraadt 83: .It Ar user
1.7 millert 84: The username to be changed/added. By default the current user is
1.1 deraadt 85: operated on.
1.11 millert 86: .Sh ERRORS
87: .Bl -tag -width "skey disabled"
88: .It skey disabled
89: .Pa /etc/skeykeys
90: does not exist. It must be created by the superuser in order to use
91: .Nm skeyinit .
1.1 deraadt 92: .Sh FILES
93: .Bl -tag -width /etc/skeykeys
94: .It Pa /etc/skeykeys
1.12 aaron 95: database of information for the S/Key system
1.1 deraadt 96: .Sh SEE ALSO
97: .Xr skey 1
98: .Sh AUTHORS
99: Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin
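
The following is an added example, not part of the manual page or of OpenBSD's S/Key source. It sketches how the seed, count and hash algorithm described under OPTIONS fit together, and why secure mode (-s) only needs a one-time password rather than the pass phrase. It assumes the MD5 construction from RFC 2289 (hash of seed plus pass phrase, folded to 64 bits, then hashed count times); SKeyEntry, otp, fold_md5 and the sample values are hypothetical names chosen for illustration.

```python
import hashlib
import hmac

def fold_md5(data: bytes) -> bytes:
    """MD5, then XOR the two 8-byte halves into the 64-bit S/Key value."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp(passphrase: str, seed: str, count: int) -> bytes:
    """One-time password number `count` for this seed and pass phrase."""
    value = fold_md5(seed.lower().encode() + passphrase.encode())
    for _ in range(count):
        value = fold_md5(value)
    return value

class SKeyEntry:
    """Hypothetical stand-in for one user's record in /etc/skeykeys."""

    def __init__(self, seed: str, count: int, first_otp: bytes):
        # Like `skeyinit -s`: the host receives seed, count and OTP(count),
        # never the pass phrase itself.
        self.seed, self.count, self.stored = seed, count, first_otp

    def challenge(self):
        """The next login asks for the password one step earlier in the chain."""
        return self.count - 1, self.seed

    def verify(self, response: bytes) -> bool:
        if self.count < 1:
            return False  # sequence exhausted; entry must be reinitialized
        if not hmac.compare_digest(fold_md5(response), self.stored):
            return False
        # Accept: remember this password so it cannot be replayed.
        self.stored, self.count = response, self.count - 1
        return True

# Constructed sample values, as if generated on the secure machine.
PHRASE, SEED = "a constructed pass phrase", "ke1234"

def demo():
    entry = SKeyEntry(SEED, 100, otp(PHRASE, SEED, 100))
    n, seed = entry.challenge()        # count 99, same seed
    answer = otp(PHRASE, seed, n)      # computed client side, as skey(1) would
    first = entry.verify(answer)       # hashing it once gives the stored value
    replay = entry.verify(answer)      # the same password no longer matches
    return n, first, replay, entry.count

if __name__ == "__main__":
    print(demo())
```

Because each accepted password replaces the stored value, an observer who captures one login response cannot reuse it, and the count only ever moves downward until the entry has to be reinitialized.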