HardenedBSD/usr.bin/keyinit/keyinit.1
Guido van Rooij 110af3d672 1) Added s/key support .
2  Added optional excessive login logging.
3) Added login acces control on a per host/tty base.
4) See skey(1) for skey descriptions and src/usr.bin/login/README
  for the logging and access control features.

-Guido
1994-05-19 18:13:11 +00:00

65 lines
2.3 KiB
Groff

.ll 6i
.pl 10.5i
.\" @(#)keyinit.1 1.0 (Bellcore) 7/20/93
.\"
.lt 6.0i
.TH KEYINIT 1 "20 July 1993"
.AT 3
.SH NAME
keyinit \- Change password or add user to S/Key authentication system.
.SH SYNOPSIS
.B keyinit [\-s] [<user ID >]
.SH DESCRIPTION
.I keyinit
initializes the system so you can use S/Key one-time passwords to
login. The program will ask you to enter a secret pass phrase; enter a
phrase of several words in response. After the S/Key database has been
updated you can login using either your regular UNIX password or using
S/Key one-time passwords.
.PP
When logging in from another machine you can avoid typing a real
password over the network, by typing your S/Key pass phrase to the
\fIkey\fR command on the local machine: the program will respond with
the one-time password that you should use to log into the remote
machine. This is most conveniently done with cut-and-paste operations
using a mouse. Alternatively, you can pre-compute one-time passwords
using the \fIkey\fR command and carry them with you on a piece of paper.
.PP
\fIkeyinit\fR requires you to type your secret password, so it should
be used only on a secure terminal. For example, on the console of a
workstation. If you are using \fIkeyinit\fR while logged in over an
untrusted network, follow the instructions given below with the \-s
option.
.SH OPTIONS
.IP \-s
Set secure mode where the user is expected to have used a secure
machine to generate the first one time password. Without the \-s the
system will assume you are direct connected over secure communications
and prompt you for your secret password.
The \-s option also allows one to set the seed and count for complete
control of the parameters. You can use keyinit -s in compination with
the
.I key
command to set the seed and count if you do not like the defaults.
To do this run keyinit in one window and put in your count and seed
then run key in another window to generate the correct 6 english words
for that count and seed. You can then
"cut" and "paste" them or copy them into the keyinit window.
.sp
.LP
.B <user ID>
the ID for the user to be changed/added
.SH DIAGNOSTICS
.SH FILES
.TP
/etc/skeykeys data base of information for S/Key system.
.SH BUGS
.LP
.SH SEE ALSO
.BR skey(1),
.BR key(1),
.BR keysu(1),
.BR keyinfo(1)
.SH AUTHOR
Command by Phil Karn, Neil M. Haller, John S. Walden