Add the DragonFly cvs id and perform general cleanups on cvs/rcs/sccs ids. Most
[dragonfly.git] / contrib / opie / opiekey.1
CommitLineData
984263bc
MD
1.\" opiekey.1: Manual page for the opiekey(1) program.
2.\"
3.\" %%% portions-copyright-cmetz-96
4.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
5.\" Reserved. The Inner Net License Version 2 applies to these portions of
6.\" the software.
7.\" You should have received a copy of the license with this software. If
8.\" you didn't get a copy, you may request one from <license@inner.net>.
9.\"
10.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan
11.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned
12.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
13.\" License Agreement applies to this software.
14.\"
15.\" History:
16.\"
17.\" Modified by cmetz for OPIE 2.3. Added -t documentation. Removed
18.\" opie-bugs pointer. Removed opie-md5 and opie-md4 names. Fixed
19.\" a bolding bug. Added -f flag. Added escapes on flags. Minor
20.\" editorial changes. Updated example.
21.\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation.
22.\" Re-worded retype documentation. Added opiegen reference.
23.\" Added -x documentation.
24.\" Modified at NRL for OPIE 2.0.
25.\" Written at Bellcore for the S/Key Version 1 software distribution
26.\" (key.1).
27.\"
28.\" $FreeBSD: src/contrib/opie/opiekey.1,v 1.3.6.3 2002/07/15 14:48:43 des Exp $
1de703da 29.\" $DragonFly: src/contrib/opie/opiekey.1,v 1.2 2003/06/17 04:24:05 dillon Exp $
984263bc
MD
30.ll 6i
31.pl 10.5i
32.lt 6.0i
33.TH OPIEKEY 1 "February 20, 1996"
34.AT 3
35.SH NAME
36opiekey, otp-md4, otp-md5 \- Programs for computing responses to OTP challenges.
37
38.SH SYNOPSIS
39.B opiekey
40|
41.B otp-md4
42|
43.B otp-md5
44[\-v] [\-h] [\-f] [\-x]
45.sp 0
46[\-t
47.I
48type
49] [\-4|\-5]
50[\-a] [\-n
51.I count
52]
53.I sequence_number seed
54.sp 0
55
56.SH DESCRIPTION
57.I opiekey
58takes the optional count of the number of responses to
59print along with a (maximum) sequence number and seed as command line
60args. It prompts for the user's secret pass phrase and produces an OPIE
61response as six words. If compiled to do so, it can prompt for the user's
62secret pass phrase twice to help reduce errors due to mistypes. The second
63password entry can be circumvented by entering only an end of line.
64.I opiekey
65is downward compatible with the
66.IR key (1)
67program from the Bellcore S/Key Version 1 distribution and several of its
68variants.
69
70.SH OPTIONS
71.TP
72.B \-v
73Display the version number and compile-time options, then exit.
74.TP
75.B \-h
76Display a brief help message and exit.
77.TP
78.B \-4, \-5
79Selects MD4 or MD5, respectively, as the response generation algorithm. The
80default for otp-md4 is MD4 and the default for opie-md5 is MD5. The default
81for opiekey depends on compile-time configuration, but should be MD5. MD4 is
82compatible with the Bellcore S/Key Version 1 distribution.
83.TP
84.B \-f
85Force
86.I opiekey
87to continue, even where it normally shouldn't. This is currently used to
88force opiekey to operate in even from terminals it believes to be insecure.
89It can also allow users to disclose their secret pass phrases to attackers.
90Use of the -f flag may be disabled by compile-time option in your particular
91build of OPIE.
92.TP
93.B \-a
94Allows you to input an arbitrary secret pass phrase, instead of running checks
95against it. Arbitrary currently does not include '\\0' or '\\n' characters. This
96can be used for backwards compatibility with key generators that do not check
97passwords.
98.TP
99.B \-n <count>
100the number of one time access passwords to print.
101The default is one.
102.TP
103.B \-x
104Output the OTPs as hexadecimal numbers instead of six words.
105.TP
106.B \-t <type>
107Generate an extended response of the specified type. Supported types are:
108.sp 1
109word six-word
110.sp 0
111hex hexadecimal
112.sp 0
113init hexadecimal re-initialization
114.sp 0
115init-word six-word re-initialization
116.sp 1
117The re-initialization responses
118.I always
119generate the simple active attack protection.
120.TP
121.SH EXAMPLE
122.sp 0
123wintermute$ opiekey \-5 \-n 5 495 wi01309
124.sp 0
125Using MD5 algorithm to compute response.
126.sp 0
127Reminder: Don't use opiekey from telnet or dial-in sessions.
128.sp 0
129Enter secret pass phrase:
130.sp 0
131491: HOST VET FOWL SEEK IOWA YAP
132.sp 0
133492: JOB ARTS WERE FEAT TILE IBIS
134.sp 0
135493: TRUE BRED JOEL USER HALT EBEN
136.sp 0
137494: HOOD WED MOLT PAN FED RUBY
138.sp 0
139495: SUB YAW BILE GLEE OWE NOR
140.sp 0
141wintermute$
142.LP
143
144.SH BUGS
145.BR opiekey(1)
146can lull a user into revealing his/her password when remotely logged in, thus
147defeating the purpose of OPIE. This is especially a problem with xterm.
148.BR opiekey(1)
149implements simple checks to reduce the risk of a user making
150this mistake. Better checks are needed.
151.LP
152
153.SH SEE ALSO
154.BR ftpd (8),
155.BR login (1),
156.BR opie (4),
157.BR opiepasswd (1),
158.BR opieinfo (1),
159.BR opiekeys (5),
160.BR opieaccess (5),
161.BR opiegen (1)
162.BR su (1),
163
164.SH AUTHOR
165Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden
166of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and
167Craig Metz.
168
169S/Key is a trademark of Bell Communications Research (Bellcore).
170
171.SH CONTACT
172OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join,
173send an email request to:
174.sp
175skey-users-request@thumper.bellcore.com