1994-05-19 18:13:11 +00:00
|
|
|
.\" @(#)keyinit.1 1.0 (Bellcore) 7/20/93
|
1999-07-12 20:24:20 +00:00
|
|
|
.\" $Id$
|
1994-05-19 18:13:11 +00:00
|
|
|
.\"
|
1997-07-17 06:42:26 +00:00
|
|
|
.Dd July 20, 1993
|
|
|
|
.Dt KEYINIT 1
|
|
|
|
.Os
|
|
|
|
.Sh NAME
|
|
|
|
.Nm keyinit
|
|
|
|
.Nd change password or add user to S/Key authentication system
|
|
|
|
.Sh SYNOPSIS
|
|
|
|
.Nm
|
|
|
|
.Op Fl s
|
|
|
|
.Op Ar userID
|
|
|
|
.Sh DESCRIPTION
|
|
|
|
.Nm Keyinit
|
1994-05-19 18:13:11 +00:00
|
|
|
initializes the system so you can use S/Key one-time passwords to
|
|
|
|
login. The program will ask you to enter a secret pass phrase; enter a
|
|
|
|
phrase of several words in response. After the S/Key database has been
|
|
|
|
updated you can login using either your regular UNIX password or using
|
|
|
|
S/Key one-time passwords.
|
1997-07-17 06:42:26 +00:00
|
|
|
.Pp
|
1994-05-19 18:13:11 +00:00
|
|
|
When logging in from another machine you can avoid typing a real
|
|
|
|
password over the network, by typing your S/Key pass phrase to the
|
1997-07-17 06:42:26 +00:00
|
|
|
.Nm key
|
|
|
|
command on the local machine: the program will respond with
|
1994-05-19 18:13:11 +00:00
|
|
|
the one-time password that you should use to log into the remote
|
|
|
|
machine. This is most conveniently done with cut-and-paste operations
|
|
|
|
using a mouse. Alternatively, you can pre-compute one-time passwords
|
1997-07-17 06:42:26 +00:00
|
|
|
using the
|
|
|
|
.Nm key
|
|
|
|
command and carry them with you on a piece of paper.
|
|
|
|
.Pp
|
|
|
|
.Nm Keyinit
|
|
|
|
requires you to type your secret password, so it should
|
1994-05-19 18:13:11 +00:00
|
|
|
be used only on a secure terminal. For example, on the console of a
|
1997-07-17 06:42:26 +00:00
|
|
|
workstation. If you are using
|
|
|
|
.Nm
|
|
|
|
while logged in over an
|
|
|
|
untrusted network, follow the instructions given below with the
|
|
|
|
.Fl s
|
1994-05-19 18:13:11 +00:00
|
|
|
option.
|
1997-07-17 06:42:26 +00:00
|
|
|
.Sh OPTIONS
|
|
|
|
.Bl -tag -width indent
|
|
|
|
.It Fl s
|
1994-05-19 18:13:11 +00:00
|
|
|
Set secure mode where the user is expected to have used a secure
|
1997-07-17 06:42:26 +00:00
|
|
|
machine to generate the first one time password. Without the
|
|
|
|
.Fl s
|
|
|
|
the
|
1994-05-19 18:13:11 +00:00
|
|
|
system will assume you are direct connected over secure communications
|
|
|
|
and prompt you for your secret password.
|
1997-07-17 06:42:26 +00:00
|
|
|
The
|
|
|
|
.Fl s
|
|
|
|
option also allows one to set the seed and count for complete
|
|
|
|
control of the parameters. You can use
|
|
|
|
.Nm
|
|
|
|
.Fl s
|
|
|
|
in combination with
|
1994-05-19 18:13:11 +00:00
|
|
|
the
|
1997-07-17 06:42:26 +00:00
|
|
|
.Nm key
|
1994-05-19 18:13:11 +00:00
|
|
|
command to set the seed and count if you do not like the defaults.
|
1997-07-17 06:42:26 +00:00
|
|
|
To do this run
|
|
|
|
.Nm
|
|
|
|
in one window and put in your count and seed
|
|
|
|
then run
|
|
|
|
.Nm key
|
|
|
|
in another window to generate the correct 6 English words
|
1994-05-19 18:13:11 +00:00
|
|
|
for that count and seed. You can then
|
1997-07-17 06:42:26 +00:00
|
|
|
"cut" and "paste" them or copy them into the
|
|
|
|
.Nm
|
|
|
|
window.
|
|
|
|
.It Ar userID
|
|
|
|
The ID for the user to be changed/added
|
|
|
|
.El
|
|
|
|
.Sh FILES
|
|
|
|
.Pa /etc/skeykeys
|
|
|
|
data base of information for S/Key system.
|
|
|
|
.Sh SEE ALSO
|
|
|
|
.Xr key 1 ,
|
|
|
|
.Xr keyinfo 1 ,
|
|
|
|
.Xr skey 1 ,
|
|
|
|
.Xr su 1
|
1998-03-23 07:48:45 +00:00
|
|
|
.Sh AUTHORS
|
|
|
|
Command by
|
|
|
|
.An Phil Karn ,
|
|
|
|
.An Neil M. Haller ,
|
|
|
|
.An John S. Walden
|