src/usr.bin/skeyinit/skeyinit.1 - annotate

Return to skeyinit.1 CVS log
Up to [local] / src / usr.bin / skeyinit
Annotation of src/usr.bin/skeyinit/skeyinit.1, Revision 1.17

1.17    ! aaron       1: .\"    $OpenBSD: skeyinit.1,v 1.16 2000/03/23 21:10:19 aaron Exp $
1.1       deraadt     2: .\"    $NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
                      3: .\"    @(#)skeyinit.1  1.1     10/28/93
                      4: .\"
1.11      millert     5: .Dd February 24, 1998
1.1       deraadt     6: .Dt SKEYINIT 1
1.8       michaels    7: .Os
1.1       deraadt     8: .Sh NAME
1.7       millert     9: .Nm skeyinit
1.14      aaron      10: .Nd change password or add user to S/Key authentication system
1.1       deraadt    11: .Sh SYNOPSIS
                     12: .Nm skeyinit
                     13: .Op Fl s
1.2       deraadt    14: .Op Fl z
1.9       millert    15: .Op Fl n Ar count
1.15      millert    16: .Oo
                     17: .Fl md4 | Fl md5 | Fl sha1 |
                     18: .Fl rmd160
                     19: .Oc
1.1       deraadt    20: .Op Ar user
                     21: .Sh DESCRIPTION
1.16      aaron      22: .Nm
                     23: initializes the system so you can use S/Key one-time passwords to login.
                     24: The program will ask you to enter a secret pass phrase;
1.17    ! aaron      25: enter a phrase of several words in response.
        !            26: After the S/Key database
1.7       millert    27: has been updated you can login using either your regular password
                     28: or using S/Key one-time passwords.
                     29: .Pp
1.16      aaron      30: .Nm
1.7       millert    31: requires you to type a secret password, so it should be used
1.16      aaron      32: only on a secure terminal.
                     33: For example, on the console of a
                     34: workstation or over an encrypted network session.
                     35: If you are using
                     36: .Nm
1.7       millert    37: while logged in over an untrusted network, follow the instructions
                     38: given below with the
                     39: .Fl s
                     40: option.
                     41: .Pp
                     42: Before initializing an S/Key entry, the user must authenticate
1.16      aaron      43: using either a standard password or an S/Key challenge.
                     44: When used over an untrusted network, a password of
1.7       millert    45: .Sq s/key
1.16      aaron      46: should be used.
                     47: The user will then be presented with the standard
1.7       millert    48: S/Key challenge and allowed to proceed if it is correct.
1.1       deraadt    49: .Sh OPTIONS
1.11      millert    50: .Bl -tag -width XXXXXXX
1.4       millert    51: .It Fl x
1.12      aaron      52: Displays pass phrase in hexadecimal instead of ASCII.
1.1       deraadt    53: .It Fl s
1.7       millert    54: Set secure mode where the user is expected to have used a secure
1.16      aaron      55: machine to generate the first one-time password.
                     56: Without the
1.7       millert    57: .Fl s
1.12      aaron      58: option the system will assume you are directly connected over secure
1.16      aaron      59: communications and prompt you for your secret password.
                     60: The
1.7       millert    61: .Fl s
                     62: option also allows one to set the seed and count for complete
1.16      aaron      63: control of the parameters.
                     64: You can use
                     65: .Ic skeyinit -s
1.7       millert    66: in combination with the
1.1       deraadt    67: .Nm skey
1.7       millert    68: command to set the seed and count if you do not like the defaults.
                     69: To do this run
1.16      aaron      70: .Nm
1.7       millert    71: in one window and put in your count and seed, then run
                     72: .Nm skey
1.13      aaron      73: in another window to generate the correct 6 English words for that
1.16      aaron      74: count and seed.
                     75: You can then "cut-and-paste" or type the words into the
                     76: .Nm
1.7       millert    77: window.
1.2       deraadt    78: .It Fl z
1.7       millert    79: Allows the user to zero their S/Key entry.
1.9       millert    80: .It Fl n Ar count
                     81: Start the
                     82: .Nm skey
                     83: sequence at
                     84: .Ar count
                     85: (default is 100).
1.5       millert    86: .It Fl md4
                     87: Selects MD4 as the hash algorithm.
                     88: .It Fl md5
                     89: Selects MD5 as the hash algorithm.
                     90: .It Fl sha1
1.6       millert    91: Selects SHA (NIST Secure Hash Algorithm Revision 1) as the hash algorithm.
1.10      millert    92: .It Fl rmd160
                     93: Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm.
1.1       deraadt    94: .It Ar user
1.17    ! aaron      95: The username to be changed/added.
        !            96: By default the current user is operated on.
1.11      millert    97: .Sh ERRORS
                     98: .Bl -tag -width "skey disabled"
                     99: .It skey disabled
                    100: .Pa /etc/skeykeys
1.16      aaron     101: does not exist.
                    102: It must be created by the superuser in order to use
1.11      millert   103: .Nm skeyinit .
1.1       deraadt   104: .Sh FILES
                    105: .Bl -tag -width /etc/skeykeys
                    106: .It Pa /etc/skeykeys
1.12      aaron     107: database of information for S/Key system
1.1       deraadt   108: .Sh SEE ALSO
                    109: .Xr skey 1
                    110: .Sh AUTHORS
                    111: Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin