freebsd-skq/usr.bin/keyinit/keyinit.1

91 lines
2.3 KiB
Groff
Raw Normal View History

.\" @(#)keyinit.1 1.0 (Bellcore) 7/20/93
1999-08-28 01:08:13 +00:00
.\" $FreeBSD$
.\"
1997-07-17 06:42:26 +00:00
.Dd July 20, 1993
.Dt KEYINIT 1
.Os
.Sh NAME
.Nm keyinit
.Nd change password or add user to S/Key authentication system
.Sh SYNOPSIS
.Nm
.Op Fl s
.Op Ar userID
.Sh DESCRIPTION
.Nm Keyinit
initializes the system so you can use S/Key one-time passwords to
login. The program will ask you to enter a secret pass phrase; enter a
phrase of several words in response.
After the S/Key database has been
updated you can login using either your regular UNIX password or using
S/Key one-time passwords.
1997-07-17 06:42:26 +00:00
.Pp
When logging in from another machine you can avoid typing a real
password over the network, by typing your S/Key pass phrase to the
1997-07-17 06:42:26 +00:00
.Nm key
command on the local machine: the program will respond with
the one-time password that you should use to log into the remote
machine. This is most conveniently done with cut-and-paste operations
using a mouse. Alternatively, you can pre-compute one-time passwords
1997-07-17 06:42:26 +00:00
using the
.Nm key
command and carry them with you on a piece of paper.
.Pp
.Nm Keyinit
requires you to type your secret password, so it should
be used only on a secure terminal.
For example, on the console of a
workstation.
If you are using
1997-07-17 06:42:26 +00:00
.Nm
while logged in over an
untrusted network, follow the instructions given below with the
.Fl s
option.
1997-07-17 06:42:26 +00:00
.Sh OPTIONS
.Bl -tag -width indent
.It Fl s
Set secure mode where the user is expected to have used a secure
1997-07-17 06:42:26 +00:00
machine to generate the first one time password. Without the
.Fl s
the
system will assume you are direct connected over secure communications
and prompt you for your secret password.
1997-07-17 06:42:26 +00:00
The
.Fl s
option also allows one to set the seed and count for complete
control of the parameters. You can use
.Nm
.Fl s
in combination with
the
1997-07-17 06:42:26 +00:00
.Nm key
command to set the seed and count if you do not like the defaults.
1997-07-17 06:42:26 +00:00
To do this run
.Nm
in one window and put in your count and seed
then run
.Nm key
in another window to generate the correct 6 English words
for that count and seed.
You can then
1997-07-17 06:42:26 +00:00
"cut" and "paste" them or copy them into the
.Nm
window.
.It Ar userID
The ID for the user to be changed/added
.El
.Sh FILES
.Pa /etc/skeykeys
data base of information for S/Key system.
.Sh SEE ALSO
.Xr key 1 ,
.Xr keyinfo 1 ,
.Xr skey 1 ,
.Xr su 1
.Sh AUTHORS
Command by
.An Phil Karn ,
.An Neil M. Haller ,
.An John S. Walden