.\" $OpenBSD: skeyinit.1,v 1.11 1998/02/24 20:52:46 millert Exp $
.\" $NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
.\" @(#)skeyinit.1 1.1 10/28/93
.\"
.Dd February 24, 1998
.Dt SKEYINIT 1
.Os
.Sh NAME
.Nm skeyinit
.Nd change password or add user to S/Key authentication system.
.Sh SYNOPSIS
.Nm skeyinit
.Op Fl s
.Op Fl z
.Op Fl n Ar count
.Op Ar user
.Sh DESCRIPTION
.Nm skeyinit
initializes the system so you can use S/Key one-time passwords
to log in. The program will ask you to enter a secret pass phrase;
enter a phrase of several words in response. After the S/Key database
has been updated you can log in using either your regular password
or S/Key one-time passwords.
.Pp
.Nm skeyinit
requires you to type a secret password, so it should be used
only on a secure terminal, for example on the console of a
workstation or over an encrypted network session. If you are
using
.Nm skeyinit
while logged in over an untrusted network, follow the instructions
given below with the
.Fl s
option.
.Pp
Before initializing an S/Key entry, the user must authenticate
using either a standard password or an S/Key challenge. When used
over an untrusted network, a password of
.Sq s/key
should be used. The user will then be presented with the standard
S/Key challenge and allowed to proceed if the response is correct.
.Sh OPTIONS
.Bl -tag -width XXXXXXX
.It Fl x
Displays pass phrase in hexadecimal instead of ASCII.
.It Fl s
Set secure mode, where the user is expected to have used a secure
machine to generate the first one-time password. Without the
.Fl s
option the system will assume you are directly connected over secure
communications and prompt you for your secret password. The
.Fl s
option also allows one to set the seed and count for complete
control of the parameters.
You can use
.Dq skeyinit -s
in combination with the
.Nm skey
command to set the seed and count if you do not like the defaults.
To do this, run
.Nm skeyinit
in one window and put in your count and seed, then run
.Nm skey
in another window to generate the correct 6 English words for that
count and seed. You can then "cut-and-paste" or type the words into the
.Nm skeyinit
window.
.It Fl z
Allows the user to zero their S/Key entry.
.It Fl n Ar count
Start the
.Nm skey
sequence at
.Ar count
(default is 100).
.It Fl md4
Selects MD4 as the hash algorithm.
.It Fl md5
Selects MD5 as the hash algorithm.
.It Fl sha1
Selects SHA (NIST Secure Hash Algorithm Revision 1) as the hash algorithm.
.It Fl rmd160
Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm.
.It Ar user
The username to be changed/added. By default the current user is
operated on.
.El
.Sh ERRORS
.Bl -tag -width "skey disabled"
.It skey disabled
.Pa /etc/skeykeys
does not exist. It must be created by the superuser in order to use
.Nm skeyinit .
.El
.Sh FILES
.Bl -tag -width /etc/skeykeys
.It Pa /etc/skeykeys
database of information for the S/Key system.
.El
.Sh SEE ALSO
.Xr skey 1
.Sh AUTHORS
Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin
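The secure-mode procedure described under the -s option (compute the one-time password for a chosen seed and count on a trusted machine, then hand only that value to skeyinit) can be modelled as follows. This is an added example, not part of the manual page or the skeyinit source: it assumes the RFC 2289 MD5 construction, the seed and pass phrase are constructed sample values, SkeyEntry is a hypothetical stand-in for one record in /etc/skeykeys, and the six-word encoding is omitted in favour of hex.

```python
import hashlib


def fold_md5(data: bytes) -> bytes:
    """MD5 the input, then fold the 128-bit digest to 64 bits by XORing its halves."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))


def otp(passphrase: str, seed: str, count: int) -> bytes:
    """One-time password number `count`: one initial fold, then `count` more."""
    value = fold_md5((seed.lower() + passphrase).encode())
    for _ in range(count):
        value = fold_md5(value)
    return value


class SkeyEntry:
    """Hypothetical model of what the host keeps for one user."""

    def __init__(self, seed: str, count: int, first_otp: bytes):
        # In secure mode the host is given only seed, count and the OTP
        # for that count; the pass phrase never crosses the network.
        self.seed, self.count, self.stored = seed, count, first_otp

    def challenge(self):
        """The next login asks for the OTP one step earlier in the chain."""
        return self.count - 1, self.seed

    def verify(self, response: bytes) -> bool:
        # Hashing the response once must reproduce the stored value.
        if self.count < 1 or fold_md5(response) != self.stored:
            return False
        self.stored = response  # the used OTP becomes the new reference
        self.count -= 1
        return True


def demo():
    passphrase = "several words kept off the wire"  # constructed sample
    seed, count = "ke1234", 100                     # constructed seed, default count
    # Trusted machine: compute OTP number 100 and register it.
    entry = SkeyEntry(seed, count, otp(passphrase, seed, count))
    # Later login: answer the challenge for count 99.
    n, s = entry.challenge()
    response = otp(passphrase, s, n)
    accepted = entry.verify(response)
    replayed = entry.verify(response)  # a captured OTP is useless afterwards
    return accepted, replayed, entry.count, response.hex()


if __name__ == "__main__":
    print(demo())
```

A response observed on the wire only lets an eavesdropper recompute values the host has already consumed, which is why registering the first one-time password instead of the pass phrase is acceptable over an untrusted network.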