xref: /openbsd/usr.bin/skeyinit/skeyinit.1 (revision f2dfb0a4)
.\"	$OpenBSD: skeyinit.1,v 1.11 1998/02/24 20:52:46 millert Exp $
.\"	$NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
.\"	@(#)skeyinit.1	1.1 	10/28/93
.\"
.Dd February 24, 1998
.Dt SKEYINIT 1
.Os
.Sh NAME
.Nm skeyinit
.Nd change password or add user to S/Key authentication system
.Sh SYNOPSIS
.Nm skeyinit
.Op Fl s
.Op Fl z
.Op Fl n Ar count
.Op Ar user
.Sh DESCRIPTION
.Nm skeyinit
initializes the system so you can use S/Key one-time passwords
to log in.  The program will ask you to enter a secret pass phrase;
enter a phrase of several words in response.  After the S/Key database
has been updated you can log in using either your regular password
or S/Key one-time passwords.
.Pp
.Nm skeyinit
requires you to type a secret password, so it should be used
only on a secure terminal, for example on the console of a
workstation or over an encrypted network session.  If you are
using
.Nm skeyinit
while logged in over an untrusted network, follow the instructions
given below with the
.Fl s
option.
.Pp
Before initializing an S/Key entry, the user must authenticate
using either a standard password or an S/Key challenge.  When used
over an untrusted network, a password of
.Sq s/key
should be used.  The user will then be presented with the standard
S/Key challenge and allowed to proceed if it is correct.
.Sh OPTIONS
.Bl -tag -width XXXXXXX
.It Fl x
Displays pass phrase in hexadecimal instead of ASCII.
.It Fl s
Set secure mode where the user is expected to have used a secure
machine to generate the first one-time password.  Without the
.Fl s
option the system will assume you are directly connected over secure
communications and prompt you for your secret password.  The
.Fl s
option also allows one to set the seed and count for complete
control of the parameters.  You can use
.Dq skeyinit -s
in combination with the
.Nm skey
command to set the seed and count if you do not like the defaults.
To do this run
.Nm skeyinit
in one window and put in your count and seed, then run
.Nm skey
in another window to generate the correct 6 English words for that
count and seed.  You can then "cut-and-paste" or type the words into the
.Nm skeyinit
window.
.It Fl z
Allows the user to zero their S/Key entry.
.It Fl n Ar count
Start the
.Nm skey
sequence at
.Ar count
(default is 100).
.It Fl md4
Selects MD4 as the hash algorithm.
.It Fl md5
Selects MD5 as the hash algorithm.
.It Fl sha1
Selects SHA (NIST Secure Hash Algorithm Revision 1) as the hash algorithm.
.It Fl rmd160
Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm.
.It Ar user
The username to be changed/added. By default the current user is
operated on.
.El
.Sh ERRORS
.Bl -tag -width "skey disabled"
.It skey disabled
.Pa /etc/skeykeys
does not exist.  It must be created by the superuser in order to use
.Nm skeyinit .
.El
.Sh FILES
.Bl -tag -width /etc/skeykeys
.It Pa /etc/skeykeys
database of information for S/Key system.
.El
.Sh SEE ALSO
.Xr skey 1
.Sh AUTHORS
Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin
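The hash chain behind the count and seed that the -s option lets you set, as an added example that is not part of the OpenBSD manual or source. It assumes the RFC 2289 construction with MD5 and shows values in hexadecimal instead of six words; SkeyEntry, the seed and the pass phrase are constructed for illustration.

```python
import hashlib


def fold_md5(data: bytes) -> bytes:
    """MD5 the input, then XOR the two 8-byte halves into a 64-bit value."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))


def otp(passphrase: str, seed: str, count: int) -> bytes:
    """Initial hash of seed + pass phrase, then `count` further fold_md5 steps."""
    value = fold_md5((seed.lower() + passphrase).encode())
    for _ in range(count):
        value = fold_md5(value)
    return value


class SkeyEntry:
    """Hypothetical stand-in for one user's record in the S/Key database."""

    def __init__(self, seed: str, count: int, first_otp: bytes):
        # What a secure-mode (-s) initialization hands over: seed, count and
        # the one-time password for that count. The pass phrase is never sent.
        self.seed, self.count, self.stored = seed, count, first_otp

    def challenge(self):
        # The next login asks for the password one step below the stored one.
        return self.count - 1, self.seed

    def verify(self, response: bytes) -> bool:
        # One more hash step over the response must give the stored value.
        if self.count < 1 or fold_md5(response) != self.stored:
            return False
        self.stored, self.count = response, self.count - 1  # step down the chain
        return True


if __name__ == "__main__":
    phrase, seed = "constructed sample pass phrase", "ob12345"  # constructed values
    entry = SkeyEntry(seed, 100, otp(phrase, seed, 100))
    n, s = entry.challenge()
    reply = otp(phrase, s, n)
    print("challenge:", n, s, "reply (hex):", reply.hex().upper())
    print("first use accepted:", entry.verify(reply))
    print("replay accepted:", entry.verify(reply))
```

Each accepted reply replaces the stored value and lowers the count by one, so a captured reply cannot be reused, and the entry must be reinitialized once the count runs out.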