Annotation of src/usr.bin/skeyinit/skeyinit.1, Revision 1.20
1.20 ! millert 1: .\" $OpenBSD: skeyinit.1,v 1.19 2000/11/09 17:52:39 aaron Exp $
1.1 deraadt 2: .\" $NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
3: .\" @(#)skeyinit.1 1.1 10/28/93
4: .\"
1.11 millert 5: .Dd February 24, 1998
1.1 deraadt 6: .Dt SKEYINIT 1
1.8 michaels 7: .Os
1.1 deraadt 8: .Sh NAME
1.7 millert 9: .Nm skeyinit
1.14 aaron 10: .Nd change password or add user to S/Key authentication system
1.1 deraadt 11: .Sh SYNOPSIS
12: .Nm skeyinit
13: .Op Fl s
1.2 deraadt 14: .Op Fl z
1.9 millert 15: .Op Fl n Ar count
1.15 millert 16: .Oo
17: .Fl md4 | Fl md5 | Fl sha1 |
18: .Fl rmd160
19: .Oc
1.1 deraadt 20: .Op Ar user
21: .Sh DESCRIPTION
1.16 aaron 22: .Nm
23: initializes the system so you can use S/Key one-time passwords to login.
24: The program will ask you to enter a secret pass phrase;
1.17 aaron 25: enter a phrase of several words in response.
26: After the S/Key database
1.7 millert 27: has been updated you can login using either your regular password
28: or using S/Key one-time passwords.
29: .Pp
1.16 aaron 30: .Nm
1.7 millert 31: requires you to type a secret password, so it should be used
1.16 aaron 32: only on a secure terminal.
33: For example, on the console of a
34: workstation or over an encrypted network session.
35: If you are using
36: .Nm
1.7 millert 37: while logged in over an untrusted network, follow the instructions
38: given below with the
39: .Fl s
40: option.
41: .Pp
42: Before initializing an S/Key entry, the user must authenticate
1.16 aaron 43: using either a standard password or an S/Key challenge.
44: When used over an untrusted network, a password of
1.7 millert 45: .Sq s/key
1.16 aaron 46: should be used.
47: The user will then be presented with the standard
1.7 millert 48: S/Key challenge and allowed to proceed if it is correct.
1.18 aaron 49: .Pp
50: The options are as follows:
1.19 aaron 51: .Bl -tag -width Ds
1.4 millert 52: .It Fl x
1.12 aaron 53: Displays pass phrase in hexadecimal instead of ASCII.
1.1 deraadt 54: .It Fl s
1.7 millert 55: Set secure mode where the user is expected to have used a secure
1.16 aaron 56: machine to generate the first one-time password.
57: Without the
1.7 millert 58: .Fl s
1.12 aaron 59: option the system will assume you are directly connected over secure
1.16 aaron 60: communications and prompt you for your secret password.
61: The
1.7 millert 62: .Fl s
63: option also allows one to set the seed and count for complete
1.16 aaron 64: control of the parameters.
65: You can use
66: .Ic skeyinit -s
1.7 millert 67: in combination with the
1.1 deraadt 68: .Nm skey
1.7 millert 69: command to set the seed and count if you do not like the defaults.
70: To do this run
1.16 aaron 71: .Nm
1.7 millert 72: in one window and put in your count and seed, then run
73: .Nm skey
1.13 aaron 74: in another window to generate the correct 6 English words for that
1.16 aaron 75: count and seed.
76: You can then "cut-and-paste" or type the words into the
77: .Nm
1.7 millert 78: window.
1.2 deraadt 79: .It Fl z
1.7 millert 80: Allows the user to zero their S/Key entry.
1.9 millert 81: .It Fl n Ar count
82: Start the
83: .Nm skey
84: sequence at
85: .Ar count
86: (default is 100).
1.5 millert 87: .It Fl md4
88: Selects MD4 as the hash algorithm.
89: .It Fl md5
90: Selects MD5 as the hash algorithm.
91: .It Fl sha1
1.6 millert 92: Selects SHA (NIST Secure Hash Algorithm Revision 1) as the hash algorithm.
1.10 millert 93: .It Fl rmd160
94: Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm.
1.1 deraadt 95: .It Ar user
1.17 aaron 96: The username to be changed/added.
97: By default the current user is operated on.
1.18 aaron 98: .El
1.11 millert 99: .Sh ERRORS
1.20 ! millert 100: .Bl -tag -compact -width "skey disabled"
! 101: .It "skey disabled"
1.11 millert 102: .Pa /etc/skeykeys
1.16 aaron 103: does not exist.
104: It must be created by the superuser in order to use
1.11 millert 105: .Nm skeyinit .
1.20 ! millert 106: .El
1.1 deraadt 107: .Sh FILES
108: .Bl -tag -width /etc/skeykeys
109: .It Pa /etc/skeykeys
1.12 aaron 110: database of information for S/Key system
1.20 ! millert 111: .El
1.1 deraadt 112: .Sh SEE ALSO
113: .Xr skey 1
114: .Sh AUTHORS
115: Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin