From 7df5ada37cd843e2315a1c078071854d0c566837 Mon Sep 17 00:00:00 2001 From: markm Date: Sun, 19 Sep 1999 21:56:09 +0000 Subject: Merge and fix for build. --- crypto/kerberosIV/doc/kth-krb.texi | 1 + crypto/kerberosIV/doc/otp.texi | 127 ------------------------------------- 2 files changed, 1 insertion(+), 127 deletions(-) delete mode 100644 crypto/kerberosIV/doc/otp.texi (limited to 'crypto/kerberosIV/doc') diff --git a/crypto/kerberosIV/doc/kth-krb.texi b/crypto/kerberosIV/doc/kth-krb.texi index 248b626..e084de0 100644 --- a/crypto/kerberosIV/doc/kth-krb.texi +++ b/crypto/kerberosIV/doc/kth-krb.texi @@ -1,6 +1,7 @@ \input texinfo @c -*- texinfo -*- @c %**start of header @c $Id: kth-krb.texi,v 1.77.2.1 1999/08/18 21:11:25 joda Exp $ +@c $FreeBSD$ @setfilename kth-krb.info @settitle KTH-KRB @iftex diff --git a/crypto/kerberosIV/doc/otp.texi b/crypto/kerberosIV/doc/otp.texi deleted file mode 100644 index 0a5929f..0000000 --- a/crypto/kerberosIV/doc/otp.texi +++ /dev/null 
@@ -1,127 +0,0 @@ -@node One-Time Passwords, Resolving frequent problems, How to set up a realm, Top -@chapter One-Time Passwords - -@cindex OTP -@cindex One time passwords -There is also support for using @dfn{one time passwords} (OTP) in this -package. Specifically @code{login}, @code{ftpd}, and @code{popper} have -support for using them. - -@menu -* What are one time passwords?:: -* When to use one time passwords?:: -* Configuring OTPs:: -@end menu - -@node What are one time passwords?, When to use one time passwords?, One-Time Passwords, One-Time Passwords -@comment node-name, next, previous, up -@section What are one time passwords? - -One time passwords are, as the name implies, passwords that can only -be used once. This means that even if someone is eavesdropping on the -network, they will not be able to make use of the passwords they steal. - -The OTPs used in this package support @cite{RFC 1938}. This standard is -also backwards compatible with the well-known S/Key. There are lots of -programs for generating these on everything from HP 48's to Crays. -@cindex S/Key - -@node When to use one time passwords?, Configuring OTPs, What are one time passwords?, One-Time Passwords -@comment node-name, next, previous, up -@section When to use one time passwords? - -Why would you want to use OTPs instead of Kerberos? The advantage of -OTPs is that they don't require a computer to operate. You can print -out a list of passwords and take with you, or you could use your -calculator or hand-held computer to generate them. - -The downside is that they only protect you against passive attacks. -Only the initial connection is authenticated. After that, anyone can -eavesdrop on your session, so you should not send or view any sensitive -data (e.g. passwords) over a OTP-initiated link. You are also -vulnerable to active attacks where intruders try to take over your -TCP-session and/or introduce data in the middle of it. 
In other words, -they provide initial authentication, but neither integrity nor -confidentiality. - -The OTPs are generated from the tuple (@var{seed}, @var{sequence -number}, @var{pass-phrase}). The seed and the sequence number will be -printed as part of the @dfn{challenge} and you will have to generate the -corresponding password or pick it from a list. - -In conclusion, they are simple and can be used everywhere but don't -protect against all threats that Kerberos does. Use them when you can't -use Kerberos. - -@node Configuring OTPs, , When to use one time passwords?, One-Time Passwords -@comment node-name, next, previous, up -@section Configuring OTPs - -@heading Initializing - -To initialize your OTPs use the @code{otp} program. This program will -write an entry in a local file on this host with your current password -(in this case the 100th) and the corresponding seed (@samp{foobar}). -@pindex otp - -@example -@cartouche -datan:>otp 100 foobar -Pass-phrase: -Verifying password Pass-phrase: -@end cartouche -@end example - -@heading Generating - -To print out a list of them there is a program called -@code{otpprint}. -@pindex otpprint - -@example -@cartouche -datan:>otpprint 100 foobar -Pass-phrase: -91: SLAM BUY SUP DUSK SKY BEST -92: DEEM SIGH ROB RASH JUG MAT -93: DUET FISK HERS AREA TOLL SUP -94: WOW RAIN LEAK SARA MARK WING -95: COG YELL MILK CART ABE BAWL -96: GROW SILK GIST OMEN CAM ANNE -97: JAG QUAD NUT BEAT BHOY MAGI -98: ADAM USED GENE NIP EYE SIS -99: MY SUNG HERO AT DASH RAKE -100: CORN KNIT BOTH TOGO SOUL BOG -@end cartouche -@end example - -@heading Using the OTPs - -When you try to use one and have initialized a series of -one-time passwords for yourself you will get a challenge with the -algorithm being used, the sequence number, and the seed. Enter those in -your generator or find the corresponding password in your list. 
- -@example -@cartouche -login: assar -assar's [ otp-md5 99 foobar ] Password: -@end cartouche -@end example - -The sequence number of the password will start at one less that the -number you gave to @code{otp} and decrease by one every time you use it. -You should try to keep track of which should be the current one so that -you can be assured that nobody has stolen some of your passwords and -used them. When the number has reached zero you need to acquire a new -series of passwords. - -Once you have initialized your series of passwords, you can always use -them at any password prompt where you get the challenge as shown above. - -@heading Configuring servers - -@code{ftpd}, @code{telnetd}, and @code{popper} can be configured to -require one-time passwords when the connection has not been kerberos -authenticated. Check the man pages for these programs for the correct -options. -- cgit v1.1
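Review bot: In the kth-krb.texi hunk (@@ -1,6 +1,7 @@) the only change is the added comment line `+@c $FreeBSD$`, which cannot by itself alter how the manual builds, yet the subject line describes the commit as a build fix. Please state in the commit message what was merged and which build failure is being addressed, and mention that the vendor `$Id` line is intentionally kept directly above the new keyword line.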
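Review bot: The otp.texi deletion (@@ -1,127 +0,0 @@) removes the node `One-Time Passwords`, whose @node line names `Resolving frequent problems` as next and `How to set up a realm` as previous, but the diffstat for crypto/kerberosIV/doc shows kth-krb.texi gaining one line and losing none, and no other file in that directory is touched. Check that no @include, @menu entry or neighbouring node pointer still refers to the removed file or node, and drop or repoint any that do in the same commit. The deleted text is also where users are told that OTP logins provide initial authentication but neither integrity nor confidentiality; if `login`, `ftpd` and `popper` keep their OTP support, consider retaining that caveat in the remaining documentation.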