1 .\" @(#)keyinit.1 1.0 (Bellcore) 7/20/93
2 .\" $FreeBSD: src/usr.bin/keyinit/keyinit.1,v 1.8 2000/03/01 12:19:47 sheldonh Exp $
3 .\" $DragonFly: src/usr.bin/keyinit/keyinit.1,v 1.3 2005/08/01 01:49:17 swildner Exp $
10 .Nd change password or add user to S/Key authentication system
17 initializes the system so you can use S/Key one-time passwords to
18 login. The program will ask you to enter a secret pass phrase; enter a
19 phrase of several words in response.
20 After the S/Key database has been
21 updated you can login using either your regular UNIX password or using
22 S/Key one-time passwords.
24 When logging in from another machine you can avoid typing a real
25 password over the network, by typing your S/Key pass phrase to the
27 command on the local machine: the program will respond with
28 the one-time password that you should use to log into the remote
29 machine. This is most conveniently done with cut-and-paste operations
30 using a mouse. Alternatively, you can pre-compute one-time passwords
33 command and carry them with you on a piece of paper.
36 requires you to type your secret password, so it should
37 be used only on a secure terminal.
38 For example, on the console of a
42 while logged in over an
43 untrusted network, follow the instructions given below with the
47 .Bl -tag -width indent
49 Set secure mode where the user is expected to have used a secure
50 machine to generate the first one time password. Without the
53 system will assume you are direct connected over secure communications
54 and prompt you for your secret password.
57 option also allows one to set the seed and count for complete
58 control of the parameters. You can use
64 command to set the seed and count if you do not like the defaults.
67 in one window and put in your count and seed
70 in another window to generate the correct 6 English words
71 for that count and seed.
73 "cut" and "paste" them or copy them into the
77 The ID for the user to be changed/added
81 data base of information for S/Key system.