1.\" opiepasswd.1: Manual page for the opiepasswd(1) program. 2.\" 3.\" %%% portions-copyright-cmetz-96
| 1.\" opiepasswd.1: Manual page for the opiepasswd(1) program. 2.\" 3.\" %%% portions-copyright-cmetz-96
|
4.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights
| 4.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
|
5.\" Reserved. The Inner Net License Version 2 applies to these portions of 6.\" the software. 7.\" You should have received a copy of the license with this software. If 8.\" you didn't get a copy, you may request one from <license@inner.net>. 9.\" 10.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan 11.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned 12.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and 13.\" License Agreement applies to this software. 14.\" 15.\" History: 16.\"
| 5.\" Reserved. The Inner Net License Version 2 applies to these portions of 6.\" the software. 7.\" You should have received a copy of the license with this software. If 8.\" you didn't get a copy, you may request one from <license@inner.net>. 9.\" 10.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan 11.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned 12.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and 13.\" License Agreement applies to this software. 14.\" 15.\" History: 16.\"
|
| 17.\" Modified by cmetz for OPIE 2.4. Fixed spelling bug.
|
17.\" Modified by cmetz for OPIE 2.3. Added -f flag documentation. 18.\" Updated console example. 19.\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation. 20.\" Modified at NRL for OPIE 2.0. 21.\" Written at Bellcore for the S/Key Version 1 software distribution 22.\" (keyinit.1). 23.\"
| 18.\" Modified by cmetz for OPIE 2.3. Added -f flag documentation. 19.\" Updated console example. 20.\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation. 21.\" Modified at NRL for OPIE 2.0. 22.\" Written at Bellcore for the S/Key Version 1 software distribution 23.\" (keyinit.1). 24.\"
|
24.\" $FreeBSD: head/contrib/opie/opiepasswd.1 59121 2000-04-10 11:18:54Z kris $
| 25.\" $FreeBSD: head/contrib/opie/opiepasswd.1 92914 2002-03-21 23:42:52Z markm $
|
25.ll 6i 26.pl 10.5i 27.lt 6.0i 28.TH OPIEPASSWD 1 "January 10, 1995" 29.AT 3 30.SH NAME 31opiepasswd \- Change or set a user's password for the OPIE authentication 32system. 33 34.SH SYNOPSIS 35.B opiepasswd 36[\-v] [\-h] [\-c|\-d] [\-f] 37.sp 0 38[\-n
| 26.ll 6i 27.pl 10.5i 28.lt 6.0i 29.TH OPIEPASSWD 1 "January 10, 1995" 30.AT 3 31.SH NAME 32opiepasswd \- Change or set a user's password for the OPIE authentication 33system. 34 35.SH SYNOPSIS 36.B opiepasswd 37[\-v] [\-h] [\-c|\-d] [\-f] 38.sp 0 39[\-n
|
39.I inital_sequence_number
| 40.I initial_sequence_number
|
40] 41[\-s 42.I seed 43] [ 44.I user_name 45] 46 47.SH DESCRIPTION 48.I opiepasswd 49will initialize the system information to allow one to use OPIE to login. 50.I opiepasswd 51is downward compatible with the keyinit(1) program from the 52Bellcore S/Key Version 1 distribution. 53 54.SH OPTIONS 55.TP 56.TP 57.B \-v 58Display the version number and compile-time options, then exit. 59.TP 60.B \-h 61Display a brief help message and exit. 62.TP 63.B \-c 64Set console mode where the user is expected to have secure access to the 65system. In console mode, you will be asked to input your password directly 66instead of having to use an OPIE calculator. If you do not have secure access 67to the system (i.e., you are not on the system's console), you are 68volunteering your password to attackers by using this mode. 69.TP 70.B \-d 71Disable OTP logins to the specified account. 72.TP 73.B \-f 74Force 75.I opiepasswd 76to continue, even where it normally shouldn't. This is currently used to 77force opiepasswd to operate in "console" mode even from terminals it believes 78to be insecure. It can also allow users to disclose their secret pass phrases 79to attackers. Use of the -f flag may be disabled by compile-time option in 80your particular build of OPIE. 81.TP 82.B \-n 83Manually specify the initial sequence number. The default is 499. 84.TP 85.B \-s 86Specify a non-random seed. The default is to generate a "random" seed using 87the first two characters of the host name and five pseudo-random digits. 88.SH EXAMPLE 89Using 90.I opiepasswd 91from the console: 92.LP 93.sp 0 94wintermute$ opiepasswd \-c 95.sp 0 96Updating kebe: 97.sp 0 98Reminder \- Only use this method from the console; NEVER from remote. If you 99.sp 0 100are using telnet, xterm, or a dial\-in, type ^C now or exit with no password. 101.sp 0 102Then run opiepasswd without the \-c parameter. 103.sp 0 104Using MD5 to compute responses. 105.sp 0 106Enter old secret pass phrase: 107.sp 0 108Enter new secret pass phrase: 109.sp 0 110Again new secret pass phrase: 111.sp 0 112 113.sp 0 114ID kebe OPIE key is 499 be93564 115.sp 0 116CITE JAN GORY BELA GET ABED 117.sp 0 118wintermute$ 119.LP 120Using 121.I opiepasswd 122from remote: 123.LP 124.sp 0 125wintermute$ opiepasswd 126.sp 0 127Updating kebe: 128.sp 0 129Reminder: You need the response from your OPIE calculator. 130.sp 0 131Old secret password: 132.sp 0 133 otp-md5 482 wi93563 134.sp 0 135 Response: FIRM BERN THEE DUCK MANN AWAY 136.sp 0 137New secret password: 138.sp 0 139 otp-md5 499 wi93564 140.sp 0 141 Response: SKY FAN BUG HUFF GUS BEAT 142.sp 0 143 144.sp 0 145ID kebe OPIE key is 499 wi93564 146.sp 0 147SKY FAN BUG HUFF GUS BEAT 148.sp 0 149wintermute$ 150.LP 151.SH FILES 152.TP 153/etc/opiekeys -- database of key information for the OPIE system. 154 155.SH SEE ALSO 156.BR ftpd (8), 157.BR login (1), 158.BR passwd (1), 159.BR opie (4), 160.BR opiekey (1), 161.BR opieinfo (1), 162.BR su (1), 163.BR opiekeys (5), 164.BR opieaccess (5) 165 166.SH AUTHOR 167Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden 168of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and 169Craig Metz. 170 171S/Key is a trademark of Bell Communications Research (Bellcore). 172 173.SH CONTACT 174OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join, 175send an email request to: 176.sp 177skey-users-request@thumper.bellcore.com
| 41] 42[\-s 43.I seed 44] [ 45.I user_name 46] 47 48.SH DESCRIPTION 49.I opiepasswd 50will initialize the system information to allow one to use OPIE to login. 51.I opiepasswd 52is downward compatible with the keyinit(1) program from the 53Bellcore S/Key Version 1 distribution. 54 55.SH OPTIONS 56.TP 57.TP 58.B \-v 59Display the version number and compile-time options, then exit. 60.TP 61.B \-h 62Display a brief help message and exit. 63.TP 64.B \-c 65Set console mode where the user is expected to have secure access to the 66system. In console mode, you will be asked to input your password directly 67instead of having to use an OPIE calculator. If you do not have secure access 68to the system (i.e., you are not on the system's console), you are 69volunteering your password to attackers by using this mode. 70.TP 71.B \-d 72Disable OTP logins to the specified account. 73.TP 74.B \-f 75Force 76.I opiepasswd 77to continue, even where it normally shouldn't. This is currently used to 78force opiepasswd to operate in "console" mode even from terminals it believes 79to be insecure. It can also allow users to disclose their secret pass phrases 80to attackers. Use of the -f flag may be disabled by compile-time option in 81your particular build of OPIE. 82.TP 83.B \-n 84Manually specify the initial sequence number. The default is 499. 85.TP 86.B \-s 87Specify a non-random seed. The default is to generate a "random" seed using 88the first two characters of the host name and five pseudo-random digits. 89.SH EXAMPLE 90Using 91.I opiepasswd 92from the console: 93.LP 94.sp 0 95wintermute$ opiepasswd \-c 96.sp 0 97Updating kebe: 98.sp 0 99Reminder \- Only use this method from the console; NEVER from remote. If you 100.sp 0 101are using telnet, xterm, or a dial\-in, type ^C now or exit with no password. 102.sp 0 103Then run opiepasswd without the \-c parameter. 104.sp 0 105Using MD5 to compute responses. 106.sp 0 107Enter old secret pass phrase: 108.sp 0 109Enter new secret pass phrase: 110.sp 0 111Again new secret pass phrase: 112.sp 0 113 114.sp 0 115ID kebe OPIE key is 499 be93564 116.sp 0 117CITE JAN GORY BELA GET ABED 118.sp 0 119wintermute$ 120.LP 121Using 122.I opiepasswd 123from remote: 124.LP 125.sp 0 126wintermute$ opiepasswd 127.sp 0 128Updating kebe: 129.sp 0 130Reminder: You need the response from your OPIE calculator. 131.sp 0 132Old secret password: 133.sp 0 134 otp-md5 482 wi93563 135.sp 0 136 Response: FIRM BERN THEE DUCK MANN AWAY 137.sp 0 138New secret password: 139.sp 0 140 otp-md5 499 wi93564 141.sp 0 142 Response: SKY FAN BUG HUFF GUS BEAT 143.sp 0 144 145.sp 0 146ID kebe OPIE key is 499 wi93564 147.sp 0 148SKY FAN BUG HUFF GUS BEAT 149.sp 0 150wintermute$ 151.LP 152.SH FILES 153.TP 154/etc/opiekeys -- database of key information for the OPIE system. 155 156.SH SEE ALSO 157.BR ftpd (8), 158.BR login (1), 159.BR passwd (1), 160.BR opie (4), 161.BR opiekey (1), 162.BR opieinfo (1), 163.BR su (1), 164.BR opiekeys (5), 165.BR opieaccess (5) 166 167.SH AUTHOR 168Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden 169of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and 170Craig Metz. 171 172S/Key is a trademark of Bell Communications Research (Bellcore). 173 174.SH CONTACT 175OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join, 176send an email request to: 177.sp 178skey-users-request@thumper.bellcore.com
|