diff options
author | peter <peter@FreeBSD.org> | 1995-12-30 19:02:48 +0000 |
---|---|---|
committer | peter <peter@FreeBSD.org> | 1995-12-30 19:02:48 +0000 |
commit | ab124e78b0271ddb904b761b31e5c9a0cf24e070 (patch) | |
tree | 0cf1447720c45721ed3d214a4eaaa6834bda155d /usr.bin/key | |
parent | 15748830d0fcd29294a1969a1012655e74908c1e (diff) | |
download | FreeBSD-src-ab124e78b0271ddb904b761b31e5c9a0cf24e070.zip FreeBSD-src-ab124e78b0271ddb904b761b31e5c9a0cf24e070.tar.gz |
recording cvs-1.6 file death
Diffstat (limited to 'usr.bin/key')
-rw-r--r-- | usr.bin/key/README.WZV | 100 | ||||
-rw-r--r-- | usr.bin/key/skey.1 | 59 |
2 files changed, 0 insertions, 159 deletions
diff --git a/usr.bin/key/README.WZV b/usr.bin/key/README.WZV deleted file mode 100644 index a13f3b5..0000000 --- a/usr.bin/key/README.WZV +++ /dev/null @@ -1,100 +0,0 @@ -One of the nice things of S/Key is that it still leaves you the option -to use regular UNIX passwords. In fact, the presence of S/Key support -is completely invisible for a user until she has set up a password with -the keyinit command. You can permit regular UNIX passwords for local -logins, while at the same time insisting on S/Key passwords for logins -from outside. - -ORIGIN - -These files are modified versions of the s/key files found on -thumper.bellcore.com at 21 oct 1993. They have been fixed to -run on top of SunOS 4.1.3 and Solaris 2.3. - -Installation is described at the end of this file. - -USAGE - -Use the keyinit command to set up a new series of s/key passwords. - - wzv_6% keyinit - Updating wietse: - Old key: wz173500 - Reminder - Only use this method if you are direct connected. - If you are using telnet or dial-in exit with no password and use keyinit -s. - Enter secret password: - Again secret password: - - ID wietse s/key is 99 wz173501 - BLAH BLA BLAH BLAH BLAH BLA - -Be sure to make your secret password sufficiently long. Try using a -full sentence instead of just one single word. - -You will have to do a "keyinit" on every system that you want to login -on using one-time passwords. - -Whenever you log into an s/key protected system you will see -something like: - - login: wietse - s/key 98 wz173501 - Password: - -In this case you can either enter your regular UNIX password or -your one-time s/key password. For example, I open a local window -to compute the password: - - local% key 98 wz173501 - Reminder - Do not use key while logged in via telnet or rlogin. - Enter secret password: - BLAH BLA BLAH BLAH BLAH BLA - -The "BLAH BLA BLAH BLAH BLAH BLA" is the one-time s/key password. - -If you have to type the one-time password in by hand, it is convenient -to have echo turned on so that you can correct typing errors. Just type -a newline at the "Password:" prompt: - - login: wietse - s/key 98 wz173501 - Password: (turning echo on) - Password:BLAH BLA BLAH BLAH BLAH BLA - -The 98 in the challenge will be 97 the next time, and so on. You'll get -a warning when you are about to run out of s/key passwords, so that you -will have to run the keyinit command again. - -Sometimes it is more practical to carry a piece of paper with a small -series of one-time passwords. You can generate the list with: - - % key -n 10 98 wz173501 - 98: BLAH BLA BLAH BLAH BLAH BLA - 97: ... - 96: ... - -Be careful when printing material like this! - -INSTALLATION - -To install, do: make sunos4 (or whatever), then: make install. - -The UNIX password is always permitted with non-network logins. By -default, UNIX passwords are always permitted (the Bellcore code by -default disallows UNIX passwords but I think that is too painful). In -order to permit UNIX passwords only with logins from specific networks, -create a file /etc/skey.access. For example, - - # First word says if UNIX passwords are to be permitted or denied. - # remainder of the rule is a networknumber and mask. A rule matches a - # host if any of its addresses satisfies: - # - # network = (address & mask) - # - #what network mask - permit 131.155.210.0 255.255.255.0 - deny 0.0.0.0 0.0.0.0 - -This particular example will permit UNIX passwords with logins from any -host on network 131.155.210, but will insist on one-time passwords in -all other cases. diff --git a/usr.bin/key/skey.1 b/usr.bin/key/skey.1 deleted file mode 100644 index b4e0455..0000000 --- a/usr.bin/key/skey.1 +++ /dev/null @@ -1,59 +0,0 @@ -.ll 6i -.pl 10.5i -.\" @(#)skey.1 1.1 10/28/93 -.\" -.lt 6.0i -.TH KEY 1 "28 October 1993" -.AT 3 -.SH NAME -S/key \- A procedure to use one time passwords for accessing computer systems. -.SH DESCRIPTION -.I S/key -is a procedure for using one time password to authenticate access to -computer systems. It uses 64 bits of information transformed by the -MD4 algorithm. The user supplies the 64 bits in the form of 6 English -words that are generated by a secure computer. -Example use of the S/key program -.I key -.sp - Usage example: -.sp 0 - >key 99 th91334 -.sp 0 - Enter password: <your secret password is entered here> -.sp 0 - OMEN US HORN OMIT BACK AHOY -.sp 0 - > -.sp -The programs that are part of the S/Key system are keyinit, key, and -keyinfo. Keyinit is used to get your ID set up, key is -used to get the one time password each time, -keyinfo is used to extract information from the S/Key database. -.sp -When you run "keyinit" you inform the system of your -secret password. Running "key" then generates the -one-time passwords, and also requires your secret -password. If however, you misspell your password -while running "key", you will get a list of passwords -that will not work, and no indication about the problem. -.sp -Password sequence numbers count backward from 99. If you -don't know this, the syntax for "key" will be confusing. -.sp -You can enter the passwords using small letters, even -though the "key" program gives them in caps. -.sp -Macintosh and a general purpose PC use -are available. -.sp -Under FreeBSD, you can control, with /etc/skey.access, from which -hosts and/or networks the use of S/Key passwords is obligated. -.LP -.SH SEE ALSO -.BR keyinit(1), -.BR key(1), -.BR keyinfo(1) -.BR skey.access(5) -.SH AUTHOR -Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin |