src/usr.bin/skeyinit/skeyinit.1 - annotate

Return to skeyinit.1 CVS log
Up to [local] / src / usr.bin / skeyinit
Annotation of src/usr.bin/skeyinit/skeyinit.1, Revision 1.20

1.20    ! millert     1: .\"    $OpenBSD: skeyinit.1,v 1.19 2000/11/09 17:52:39 aaron Exp $
1.1       deraadt     2: .\"    $NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
                      3: .\"    @(#)skeyinit.1  1.1     10/28/93
                      4: .\"
1.11      millert     5: .Dd February 24, 1998
1.1       deraadt     6: .Dt SKEYINIT 1
1.8       michaels    7: .Os
1.1       deraadt     8: .Sh NAME
1.7       millert     9: .Nm skeyinit
1.14      aaron      10: .Nd change password or add user to S/Key authentication system
1.1       deraadt    11: .Sh SYNOPSIS
                     12: .Nm skeyinit
                     13: .Op Fl s
1.2       deraadt    14: .Op Fl z
1.9       millert    15: .Op Fl n Ar count
1.15      millert    16: .Oo
                     17: .Fl md4 | Fl md5 | Fl sha1 |
                     18: .Fl rmd160
                     19: .Oc
1.1       deraadt    20: .Op Ar user
                     21: .Sh DESCRIPTION
1.16      aaron      22: .Nm
                     23: initializes the system so you can use S/Key one-time passwords to login.
                     24: The program will ask you to enter a secret pass phrase;
1.17      aaron      25: enter a phrase of several words in response.
                     26: After the S/Key database
1.7       millert    27: has been updated you can login using either your regular password
                     28: or using S/Key one-time passwords.
                     29: .Pp
1.16      aaron      30: .Nm
1.7       millert    31: requires you to type a secret password, so it should be used
1.16      aaron      32: only on a secure terminal.
                     33: For example, on the console of a
                     34: workstation or over an encrypted network session.
                     35: If you are using
                     36: .Nm
1.7       millert    37: while logged in over an untrusted network, follow the instructions
                     38: given below with the
                     39: .Fl s
                     40: option.
                     41: .Pp
                     42: Before initializing an S/Key entry, the user must authenticate
1.16      aaron      43: using either a standard password or an S/Key challenge.
                     44: When used over an untrusted network, a password of
1.7       millert    45: .Sq s/key
1.16      aaron      46: should be used.
                     47: The user will then be presented with the standard
1.7       millert    48: S/Key challenge and allowed to proceed if it is correct.
1.18      aaron      49: .Pp
                     50: The options are as follows:
1.19      aaron      51: .Bl -tag -width Ds
1.4       millert    52: .It Fl x
1.12      aaron      53: Displays pass phrase in hexadecimal instead of ASCII.
1.1       deraadt    54: .It Fl s
1.7       millert    55: Set secure mode where the user is expected to have used a secure
1.16      aaron      56: machine to generate the first one-time password.
                     57: Without the
1.7       millert    58: .Fl s
1.12      aaron      59: option the system will assume you are directly connected over secure
1.16      aaron      60: communications and prompt you for your secret password.
                     61: The
1.7       millert    62: .Fl s
                     63: option also allows one to set the seed and count for complete
1.16      aaron      64: control of the parameters.
                     65: You can use
                     66: .Ic skeyinit -s
1.7       millert    67: in combination with the
1.1       deraadt    68: .Nm skey
1.7       millert    69: command to set the seed and count if you do not like the defaults.
                     70: To do this run
1.16      aaron      71: .Nm
1.7       millert    72: in one window and put in your count and seed, then run
                     73: .Nm skey
1.13      aaron      74: in another window to generate the correct 6 English words for that
1.16      aaron      75: count and seed.
                     76: You can then "cut-and-paste" or type the words into the
                     77: .Nm
1.7       millert    78: window.
1.2       deraadt    79: .It Fl z
1.7       millert    80: Allows the user to zero their S/Key entry.
1.9       millert    81: .It Fl n Ar count
                     82: Start the
                     83: .Nm skey
                     84: sequence at
                     85: .Ar count
                     86: (default is 100).
1.5       millert    87: .It Fl md4
                     88: Selects MD4 as the hash algorithm.
                     89: .It Fl md5
                     90: Selects MD5 as the hash algorithm.
                     91: .It Fl sha1
1.6       millert    92: Selects SHA (NIST Secure Hash Algorithm Revision 1) as the hash algorithm.
1.10      millert    93: .It Fl rmd160
                     94: Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm.
1.1       deraadt    95: .It Ar user
1.17      aaron      96: The username to be changed/added.
                     97: By default the current user is operated on.
1.18      aaron      98: .El
1.11      millert    99: .Sh ERRORS
1.20    ! millert   100: .Bl -tag -compact -width "skey disabled"
        !           101: .It "skey disabled"
1.11      millert   102: .Pa /etc/skeykeys
1.16      aaron     103: does not exist.
                    104: It must be created by the superuser in order to use
1.11      millert   105: .Nm skeyinit .
1.20    ! millert   106: .El
1.1       deraadt   107: .Sh FILES
                    108: .Bl -tag -width /etc/skeykeys
                    109: .It Pa /etc/skeykeys
1.12      aaron     110: database of information for S/Key system
1.20    ! millert   111: .El
1.1       deraadt   112: .Sh SEE ALSO
                    113: .Xr skey 1
                    114: .Sh AUTHORS
                    115: Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin