mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-17 08:00:48 +01:00
110af3d672
2 Added optional excessive login logging. 3) Added login acces control on a per host/tty base. 4) See skey(1) for skey descriptions and src/usr.bin/login/README for the logging and access control features. -Guido
65 lines
2.3 KiB
Groff
65 lines
2.3 KiB
Groff
.ll 6i
|
|
.pl 10.5i
|
|
.\" @(#)keyinit.1 1.0 (Bellcore) 7/20/93
|
|
.\"
|
|
.lt 6.0i
|
|
.TH KEYINIT 1 "20 July 1993"
|
|
.AT 3
|
|
.SH NAME
|
|
keyinit \- Change password or add user to S/Key authentication system.
|
|
.SH SYNOPSIS
|
|
.B keyinit [\-s] [<user ID >]
|
|
.SH DESCRIPTION
|
|
.I keyinit
|
|
initializes the system so you can use S/Key one-time passwords to
|
|
login. The program will ask you to enter a secret pass phrase; enter a
|
|
phrase of several words in response. After the S/Key database has been
|
|
updated you can login using either your regular UNIX password or using
|
|
S/Key one-time passwords.
|
|
.PP
|
|
When logging in from another machine you can avoid typing a real
|
|
password over the network, by typing your S/Key pass phrase to the
|
|
\fIkey\fR command on the local machine: the program will respond with
|
|
the one-time password that you should use to log into the remote
|
|
machine. This is most conveniently done with cut-and-paste operations
|
|
using a mouse. Alternatively, you can pre-compute one-time passwords
|
|
using the \fIkey\fR command and carry them with you on a piece of paper.
|
|
.PP
|
|
\fIkeyinit\fR requires you to type your secret password, so it should
|
|
be used only on a secure terminal. For example, on the console of a
|
|
workstation. If you are using \fIkeyinit\fR while logged in over an
|
|
untrusted network, follow the instructions given below with the \-s
|
|
option.
|
|
.SH OPTIONS
|
|
.IP \-s
|
|
Set secure mode where the user is expected to have used a secure
|
|
machine to generate the first one time password. Without the \-s the
|
|
system will assume you are direct connected over secure communications
|
|
and prompt you for your secret password.
|
|
The \-s option also allows one to set the seed and count for complete
|
|
control of the parameters. You can use keyinit -s in compination with
|
|
the
|
|
.I key
|
|
command to set the seed and count if you do not like the defaults.
|
|
To do this run keyinit in one window and put in your count and seed
|
|
then run key in another window to generate the correct 6 english words
|
|
for that count and seed. You can then
|
|
"cut" and "paste" them or copy them into the keyinit window.
|
|
.sp
|
|
.LP
|
|
.B <user ID>
|
|
the ID for the user to be changed/added
|
|
.SH DIAGNOSTICS
|
|
.SH FILES
|
|
.TP
|
|
/etc/skeykeys data base of information for S/Key system.
|
|
.SH BUGS
|
|
.LP
|
|
.SH SEE ALSO
|
|
.BR skey(1),
|
|
.BR key(1),
|
|
.BR keysu(1),
|
|
.BR keyinfo(1)
|
|
.SH AUTHOR
|
|
Command by Phil Karn, Neil M. Haller, John S. Walden
|