Annotation of src/usr.bin/skeyinit/skeyinit.1, Revision 1.7
1.7 ! millert 1: .\" $OpenBSD: skeyinit.1,v 1.6 1996/09/29 23:04:58 millert Exp $
1.1 deraadt 2: .\" $NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
3: .\" @(#)skeyinit.1 1.1 10/28/93
4: .\"
5: .Dd 28 October 1993
6: .Dt SKEYINIT 1
7: .Os NetBSD 4
8: .Sh NAME
1.7 ! millert 9: .Nm skeyinit
1.1 deraadt 10: .Nd change password or add user to S/Key authentication system.
11: .Sh SYNOPSIS
12: .Nm skeyinit
13: .Op Fl s
1.2 deraadt 14: .Op Fl z
1.1 deraadt 15: .Op Ar user
16: .Sh DESCRIPTION
17: .Nm skeyinit
1.7 ! millert 18: initializes the system so you can use S/Key one-time passwords
! 19: to login. The program will ask you to enter a secret pass phrase;
! 20: enter a phrase of several words in response. After the S/Key database
! 21: has been updated you can login using either your regular password
! 22: or using S/Key one-time passwords.
! 23: .Pp
! 24: .Nm skeyinit
! 25: requires you to type a secret password, so it should be used
! 26: only on a secure terminal. For example, on the console of a
! 27: workstation or over an encrypted network session. If you are
! 28: using
! 29: .Nm skeyinit
! 30: while logged in over an untrusted network, follow the instructions
! 31: given below with the
! 32: .Fl s
! 33: option.
! 34: .Pp
! 35: Before initializing an S/Key entry, the user must authenticate
! 36: using either a standard password or an S/Key challenge. When used
! 37: over an untrusted network, a password of
! 38: .Sq s/key
! 39: should be used. The user will then be presented with the standard
! 40: S/Key challenge and allowed to proceed if it is correct.
1.1 deraadt 41: .Sh OPTIONS
42: .Bl -tag -width Ds
1.4 millert 43: .It Fl x
1.7 ! millert 44: Displays pass phrase in hexidecimal instead of ASCII.
1.1 deraadt 45: .It Fl s
1.7 ! millert 46: Set secure mode where the user is expected to have used a secure
! 47: machine to generate the first one time password. Without the
! 48: .Fl s
! 49: the system will assume you are direct connected over secure
! 50: communications and prompt you for your secret password. The
! 51: .Fl s
! 52: option also allows one to set the seed and count for complete
! 53: control of the parameters. You can use
! 54: .Dq skeyinit -s
! 55: in combination with the
1.1 deraadt 56: .Nm skey
1.7 ! millert 57: command to set the seed and count if you do not like the defaults.
! 58: To do this run
! 59: .Nm skeyinit
! 60: in one window and put in your count and seed, then run
! 61: .Nm skey
! 62: in another window to generate the correct 6 english words for that
! 63: count and seed. You can then "cut-and-paste" or type the words into the
! 64: .Nm skeyinit
! 65: window.
1.2 deraadt 66: .It Fl z
1.7 ! millert 67: Allows the user to zero their S/Key entry.
1.5 millert 68: .It Fl md4
69: Selects MD4 as the hash algorithm.
70: .It Fl md5
71: Selects MD5 as the hash algorithm.
72: .It Fl sha1
1.6 millert 73: Selects SHA (NIST Secure Hash Algorithm Revision 1) as the hash algorithm.
1.1 deraadt 74: .It Ar user
1.7 ! millert 75: The username to be changed/added. By default the current user is
1.1 deraadt 76: operated on.
77: .Sh FILES
78: .Bl -tag -width /etc/skeykeys
79: .It Pa /etc/skeykeys
80: data base of information for S/Key system.
81: .Sh SEE ALSO
82: .Xr skey 1
83: .Sh AUTHORS
84: Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin