1.\" opiepasswd.1: Manual page for the opiepasswd(1) program.
2.\"
3.\" %%% portions-copyright-cmetz-96
| 1.\" opiepasswd.1: Manual page for the opiepasswd(1) program.
2.\"
3.\" %%% portions-copyright-cmetz-96
|
4.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
| 4.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
|
5.\" Reserved. The Inner Net License Version 2 applies to these portions of
6.\" the software.
7.\" You should have received a copy of the license with this software. If
8.\" you didn't get a copy, you may request one from <license@inner.net>.
9.\"
10.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan
11.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned
12.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
13.\" License Agreement applies to this software.
14.\"
15.\" History:
16.\"
| 5.\" Reserved. The Inner Net License Version 2 applies to these portions of
6.\" the software.
7.\" You should have received a copy of the license with this software. If
8.\" you didn't get a copy, you may request one from <license@inner.net>.
9.\"
10.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan
11.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned
12.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
13.\" License Agreement applies to this software.
14.\"
15.\" History:
16.\"
|
| 17.\" Modified by cmetz for OPIE 2.4. Fixed spelling bug.
|
17.\" Modified by cmetz for OPIE 2.3. Added -f flag documentation.
18.\" Updated console example.
19.\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation.
20.\" Modified at NRL for OPIE 2.0.
21.\" Written at Bellcore for the S/Key Version 1 software distribution
22.\" (keyinit.1).
23.\"
| 18.\" Modified by cmetz for OPIE 2.3. Added -f flag documentation.
19.\" Updated console example.
20.\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation.
21.\" Modified at NRL for OPIE 2.0.
22.\" Written at Bellcore for the S/Key Version 1 software distribution
23.\" (keyinit.1).
24.\"
|
24.\" $FreeBSD: head/contrib/opie/opiepasswd.1 59121 2000-04-10 11:18:54Z kris $
| 25.\" $FreeBSD: head/contrib/opie/opiepasswd.1 92914 2002-03-21 23:42:52Z markm $
|
25.ll 6i
26.pl 10.5i
27.lt 6.0i
28.TH OPIEPASSWD 1 "January 10, 1995"
29.AT 3
30.SH NAME
31opiepasswd \- Change or set a user's password for the OPIE authentication
32system.
33
34.SH SYNOPSIS
35.B opiepasswd
36[\-v] [\-h] [\-c|\-d] [\-f]
37.sp 0
38[\-n
| 26.ll 6i
27.pl 10.5i
28.lt 6.0i
29.TH OPIEPASSWD 1 "January 10, 1995"
30.AT 3
31.SH NAME
32opiepasswd \- Change or set a user's password for the OPIE authentication
33system.
34
35.SH SYNOPSIS
36.B opiepasswd
37[\-v] [\-h] [\-c|\-d] [\-f]
38.sp 0
39[\-n
|
39.I inital_sequence_number
| 40.I initial_sequence_number
|
40]
41[\-s
42.I seed
43] [
44.I user_name
45]
46
47.SH DESCRIPTION
48.I opiepasswd
49will initialize the system information to allow one to use OPIE to login.
50.I opiepasswd
51is downward compatible with the keyinit(1) program from the
52Bellcore S/Key Version 1 distribution.
53
54.SH OPTIONS
55.TP
56.TP
57.B \-v
58Display the version number and compile-time options, then exit.
59.TP
60.B \-h
61Display a brief help message and exit.
62.TP
63.B \-c
64Set console mode where the user is expected to have secure access to the
65system. In console mode, you will be asked to input your password directly
66instead of having to use an OPIE calculator. If you do not have secure access
67to the system (i.e., you are not on the system's console), you are
68volunteering your password to attackers by using this mode.
69.TP
70.B \-d
71Disable OTP logins to the specified account.
72.TP
73.B \-f
74Force
75.I opiepasswd
76to continue, even where it normally shouldn't. This is currently used to
77force opiepasswd to operate in "console" mode even from terminals it believes
78to be insecure. It can also allow users to disclose their secret pass phrases
79to attackers. Use of the -f flag may be disabled by compile-time option in
80your particular build of OPIE.
81.TP
82.B \-n
83Manually specify the initial sequence number. The default is 499.
84.TP
85.B \-s
86Specify a non-random seed. The default is to generate a "random" seed using
87the first two characters of the host name and five pseudo-random digits.
88.SH EXAMPLE
89Using
90.I opiepasswd
91from the console:
92.LP
93.sp 0
94wintermute$ opiepasswd \-c
95.sp 0
96Updating kebe:
97.sp 0
98Reminder \- Only use this method from the console; NEVER from remote. If you
99.sp 0
100are using telnet, xterm, or a dial\-in, type ^C now or exit with no password.
101.sp 0
102Then run opiepasswd without the \-c parameter.
103.sp 0
104Using MD5 to compute responses.
105.sp 0
106Enter old secret pass phrase:
107.sp 0
108Enter new secret pass phrase:
109.sp 0
110Again new secret pass phrase:
111.sp 0
112
113.sp 0
114ID kebe OPIE key is 499 be93564
115.sp 0
116CITE JAN GORY BELA GET ABED
117.sp 0
118wintermute$
119.LP
120Using
121.I opiepasswd
122from remote:
123.LP
124.sp 0
125wintermute$ opiepasswd
126.sp 0
127Updating kebe:
128.sp 0
129Reminder: You need the response from your OPIE calculator.
130.sp 0
131Old secret password:
132.sp 0
133 otp-md5 482 wi93563
134.sp 0
135 Response: FIRM BERN THEE DUCK MANN AWAY
136.sp 0
137New secret password:
138.sp 0
139 otp-md5 499 wi93564
140.sp 0
141 Response: SKY FAN BUG HUFF GUS BEAT
142.sp 0
143
144.sp 0
145ID kebe OPIE key is 499 wi93564
146.sp 0
147SKY FAN BUG HUFF GUS BEAT
148.sp 0
149wintermute$
150.LP
151.SH FILES
152.TP
153/etc/opiekeys -- database of key information for the OPIE system.
154
155.SH SEE ALSO
156.BR ftpd (8),
157.BR login (1),
158.BR passwd (1),
159.BR opie (4),
160.BR opiekey (1),
161.BR opieinfo (1),
162.BR su (1),
163.BR opiekeys (5),
164.BR opieaccess (5)
165
166.SH AUTHOR
167Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden
168of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and
169Craig Metz.
170
171S/Key is a trademark of Bell Communications Research (Bellcore).
172
173.SH CONTACT
174OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join,
175send an email request to:
176.sp
177skey-users-request@thumper.bellcore.com
| 41]
42[\-s
43.I seed
44] [
45.I user_name
46]
47
48.SH DESCRIPTION
49.I opiepasswd
50will initialize the system information to allow one to use OPIE to login.
51.I opiepasswd
52is downward compatible with the keyinit(1) program from the
53Bellcore S/Key Version 1 distribution.
54
55.SH OPTIONS
56.TP
57.TP
58.B \-v
59Display the version number and compile-time options, then exit.
60.TP
61.B \-h
62Display a brief help message and exit.
63.TP
64.B \-c
65Set console mode where the user is expected to have secure access to the
66system. In console mode, you will be asked to input your password directly
67instead of having to use an OPIE calculator. If you do not have secure access
68to the system (i.e., you are not on the system's console), you are
69volunteering your password to attackers by using this mode.
70.TP
71.B \-d
72Disable OTP logins to the specified account.
73.TP
74.B \-f
75Force
76.I opiepasswd
77to continue, even where it normally shouldn't. This is currently used to
78force opiepasswd to operate in "console" mode even from terminals it believes
79to be insecure. It can also allow users to disclose their secret pass phrases
80to attackers. Use of the -f flag may be disabled by compile-time option in
81your particular build of OPIE.
82.TP
83.B \-n
84Manually specify the initial sequence number. The default is 499.
85.TP
86.B \-s
87Specify a non-random seed. The default is to generate a "random" seed using
88the first two characters of the host name and five pseudo-random digits.
89.SH EXAMPLE
90Using
91.I opiepasswd
92from the console:
93.LP
94.sp 0
95wintermute$ opiepasswd \-c
96.sp 0
97Updating kebe:
98.sp 0
99Reminder \- Only use this method from the console; NEVER from remote. If you
100.sp 0
101are using telnet, xterm, or a dial\-in, type ^C now or exit with no password.
102.sp 0
103Then run opiepasswd without the \-c parameter.
104.sp 0
105Using MD5 to compute responses.
106.sp 0
107Enter old secret pass phrase:
108.sp 0
109Enter new secret pass phrase:
110.sp 0
111Again new secret pass phrase:
112.sp 0
113
114.sp 0
115ID kebe OPIE key is 499 be93564
116.sp 0
117CITE JAN GORY BELA GET ABED
118.sp 0
119wintermute$
120.LP
121Using
122.I opiepasswd
123from remote:
124.LP
125.sp 0
126wintermute$ opiepasswd
127.sp 0
128Updating kebe:
129.sp 0
130Reminder: You need the response from your OPIE calculator.
131.sp 0
132Old secret password:
133.sp 0
134 otp-md5 482 wi93563
135.sp 0
136 Response: FIRM BERN THEE DUCK MANN AWAY
137.sp 0
138New secret password:
139.sp 0
140 otp-md5 499 wi93564
141.sp 0
142 Response: SKY FAN BUG HUFF GUS BEAT
143.sp 0
144
145.sp 0
146ID kebe OPIE key is 499 wi93564
147.sp 0
148SKY FAN BUG HUFF GUS BEAT
149.sp 0
150wintermute$
151.LP
152.SH FILES
153.TP
154/etc/opiekeys -- database of key information for the OPIE system.
155
156.SH SEE ALSO
157.BR ftpd (8),
158.BR login (1),
159.BR passwd (1),
160.BR opie (4),
161.BR opiekey (1),
162.BR opieinfo (1),
163.BR su (1),
164.BR opiekeys (5),
165.BR opieaccess (5)
166
167.SH AUTHOR
168Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden
169of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and
170Craig Metz.
171
172S/Key is a trademark of Bell Communications Research (Bellcore).
173
174.SH CONTACT
175OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join,
176send an email request to:
177.sp
178skey-users-request@thumper.bellcore.com
|