README revision 92906
192906SmarkmOPIE Software Distribution, Release 2.4 Important Information 292906Smarkm======================================= ===================== 322347Spst 422347SpstIntroduction 522347Spst============ 622347Spst 722347Spst "One-time Passwords In Everything" (OPIE) is a freely distributable 822347Spstsoftware package originally developed at and for the US Naval Research 922347SpstLaboratory (NRL). Recent versions are the result of a cooperative effort 1022347Spstbetween of NRL, several of the original NRL authors, The Inner Net, and many 1122347Spstother contributors from the Internet community. 1222347Spst 1322347Spst OPIE is an implementation of the One-Time Password (OTP) System that 1422347Spstis being considered for the Internet standards-track. OPIE provides a one-time 1522347Spstpassword system. The system should be secure against the passive attacks 1622347Spstnow commonplace on the Internet (see RFC 1704 for more details). The system 1722347Spstis vulnerable to active dictionary attacks, though these are not widespread 1822347Spstat present and can be detected through proper use of system audit 1922347Spstsoftware. 2022347Spst 2122347Spst OPIE is primarily written for UNIX-like operating systems, but 2222347Spstwe are working to make applicable portions portable to other operating systems. 2322347SpstThe OPIE software is derived in part from and is fully interoperable with the 2422347SpstBell Communications Research (Bellcore) S/Key Release 1 software. Because 2522347SpstBellcore claims "S/Key" as a trademark for their software, NRL was forced to 2622347Spstuse a different name (we picked "OPIE") for this software distribution. 2722347Spst 2822347Spst OPIE includes the following additions/modifications to the 2922347Spstoriginal Bellcore S/Key(tm) Version 1 software: 3022347Spst 3122347Spst* Just about three command installation (unpack the software, run the 3222347Spst configure script, and run make install). While we still recommend that you 3322347Spst follow instructions and test things by hand, the more adventurous can 3422347Spst install OPIE quickly. 3522347Spst 3622347Spst* A modified BSD FTP daemon that does OTP. 3722347Spst 3822347Spst* A version of su that uses OTP by default. 3922347Spst 4022347Spst* MD5 support. MD5 is now the default algorithm, though MD4 is still supported 4122347Spst by changing a parameter in the Makefile. This change was made because MD5 is 4222347Spst widely believed to be cryptographically stronger than MD4 (see RFC 1321). 4322347Spst 4422347Spst* A more portable version of MD4 has been substituted for the original MD4. 4522347Spst This should solve the endian problems that were in S/Key. 4622347Spst 4722347Spst* Most of the system-dependencies have been moved to a new file "opie_cfg.h". 4822347Spst 4922347Spst* Configuration options have been moved to the Makefile. 5022347Spst 5122347Spst* Isolated system dependencies (e.g. BSDisms) with appropriate #ifdefs. 5222347Spst 5322347Spst* Revised the opiekey(1) program to simultaneously support MD4 and MD5, with 5422347Spst the default algorithm being tunable using the MDX symbol in the Makefile. 5522347Spst 5622347Spst* More operating systems are supported by recent versions of OPIE, but older 5722347Spst BSD systems that aren't close to being compliant with the POSIX standard are 5822347Spst no longer supported. 5922347Spst 6022347Spst* Transition mechanisms are optional to prevent potential back doors. 6122347Spst 6222347Spst* On systems using the /etc/opieaccess transition mechanism, users can choose 6322347Spst to require the use of OPIE to login to their accounts when it would 6422347Spst otherwise be optional. 6522347Spst 6622347Spst* Bug fixes 6722347Spst 6822347Spst* Cosmetic changes 6922347Spst 7022347Spst* Prompts (optionally) identify specifically what kind of entry (system 7122347Spst password, secret pass phrase, or OTP response) is allowed. 7222347Spst 7322347Spst* Changes to mostly conform with the draft Internet OTP standard. 7422347Spst 7522347SpstA Glance at What's New 7622347Spst====================== 7722347Spst 7892906Smarkm 2.4 TEST VERSION -- NOT FOR REDISTRIBUTION 7959118Skris 8092906Smarkm Merged in opieauto, which is disabled by default. 8159118Skris 8292906Smarkm Lots of documentation updates. 8359118Skris 8492906Smarkm Portability and bug fixes. 8529964Sache 8692906Smarkm 2.32 January 1, 1998. 8729964Sache 8892906Smarkm Indicate support for extended responses in challenges and check for such 8992906Smarkmindication before generating any extended responses. 9029964Sache 9192906Smarkm Lots of portability and bug fixes. 9229964Sache 9392906Smarkm 2.31 March 20, 1997. 9429964Sache 9592906Smarkm Removed active attack protection support due to patent problems. 9622347Spst 9792906Smarkm Removed the supplemental key file; it did more harm than good. 9822347Spst 9992906Smarkm Moved user locks to a separate directory. 10092906Smarkm 10192906Smarkm Moved user-serviceable configuration options to the configure script. 10292906Smarkm 10392906Smarkm Lots of portability and bug fixes. 10492906Smarkm 10592906Smarkm 2.3 September 22, 1996 10692906Smarkm 10792906Smarkm Autoconf is now the only supported configuration method. 10892906Smarkm 10992906Smarkm Lots of internal functions got re-written in ways that will make some 11022347Spstplanned future changes easier. 11122347Spst 11292906Smarkm OTP extended responses, such as automatic re-initialization. 11322347Spst 11492906Smarkm Support for a supplemental key file that stores information that was not 11592906Smarkmin the original /etc/skeykeys file. This allows OPIE to store extra data needed 11692906Smarkmfor things like the OTP re-initialization extended response without breaking 11792906Smarkminteroperability with other S/Key derived programs. This file is named 11892906Smarkm"/etc/opiekeys.ext" by default. Unlike the standard key file, it MUST NOT be 11992906Smarkmworld readable. 12022347Spst 12192906Smarkm OPIE should better support some of the native "features" of drain bamaged 12292906SmarkmOSs such as AIX, HP-UX, and Solaris. 12322347Spst 12492906Smarkm OPIE's utmp/wtmp handling has been completely re-written. This should solve 12592906Smarkmmany of the utmp/wtmp problems people have been having. 12622347Spst 12792906Smarkm Lots of cleanups. 12822347Spst 12992906Smarkm Bug fixes. 13022347Spst 13192906Smarkm 2.22 May 3, 1996. 13222347Spst 13392906Smarkm More minor bug fixes. OPIE once again works on Solaris 2.x. 13422347Spst 13592906Smarkm 2.21 April 27, 1996. 13622347Spst 13792906Smarkm Minor bug fixes. 13822347Spst 13992906Smarkm 2.2 April 11, 1996. 14022347Spst 14192906Smarkm opiesubr.c, opiesubr2.c, and a few other functions moved into a 14292906Smarkmsubdirectory and split into files with fine granularity. Ditto with missing 14392906Smarkmfunction replacements. This subdirectory structure changes a lot of things 14492906Smarkmaround and more splitting like this should be expected in the near future. 14522347Spst 14692906Smarkm Added opiegenerator() library function that should make it very easy to 14792906Smarkmcreate OTP clients using the OPIE library (this function is subject to change: 14892906Smarkmthere are a few problems remaining to be solved). Just about re-wrote 14922347Spstopiegetpass() to use raw I/O and got most of the OPIE programs actually using 15022347Spstthat function. Autoconf build fixes. Lots of bug fixes. Lots of portability 15122347Spstfixes. Function declarations should be ANSI style for ANSI compilers. Several 15292906Smarkmfixes to bring OPIE in line with the latest OTP spec. MJR DES key crunch 15322347Spstde-implemented. 15422347Spst 15592906Smarkm Added sample programs: opiegen (client) and opieserv (server). 15622347Spst 15792906Smarkm Probably broke non-autoconf support along the way :(. I've tried to bring 15892906Smarkmthis back in sync, but it may still be broken. 15922347Spst 16092906Smarkm 2.11 December 27, 1995. 16122347Spst 16292906Smarkm Minor bug fixes. 16322347Spst 16492906Smarkm 2.10 December 26, 1995. 16522347Spst 16692906Smarkm Optional autoconf support. opieinfo is now a normal program. Bugs fixed -- 16792906Smarkmshould work much better on SunOS, HP-UX, and AIX. 16822347Spst 16992906Smarkm 2.01 -- 2.04 17092906Smarkm 17192906Smarkm Bug fix releases. 17292906Smarkm 17392906Smarkm 2.00 17492906Smarkm 17592906Smarkm Initial release of OPIE 2.0. 17692906Smarkm 17722347SpstSystem Requirements 17822347Spst=================== 17922347Spst 18022347Spst In order to build and run properly, OPIE requires: 18122347Spst 18222347Spst * A UNIX-like operating system 18322347Spst * An ANSI C compiler and run-time library 18422347Spst * POSIX.1- and X/Open XPG-compliance (including termios) 18522347Spst * The BSD sockets API 18622347Spst * Approximately five megabytes of free disk space 18722347Spst 18822347Spst In practice, we believe that many systems who are close to meeting 18922347Spstthese requirements but aren't completely there (for example, SunOS with the 19022347Spstnative compiler) will also work. Systems who aren't anywhere near close 19122347Spst(for example, DOS) are not likely to work without major adjustments to the 19222347SpstOPIE code. 19322347Spst 19422347SpstIf OPIE Doesn't Work 19522347Spst==================== 19622347Spst 19792906Smarkm Under NO circumstances should you send trouble reports directly to the 19892906Smarkmauthors or contributors. They WILL BE IGNORED. 19922347Spst 20092906Smarkm Make sure you have the latest version of OPIE. The latest version is 20192906Smarkmavailable by HTTP at: 20222347Spst 20392906Smarkm http://www.inner.net/pub/opie 20492906Smarkm 20592906Smarkm (sorry, but anonymous FTP is no longer available) 20692906Smarkm 20722347Spst If you have installed the OPIE software (either through "make test" 20822347Spstin (7) above or "make install" in (14)), you can run "make uninstall" from the 20922347SpstOPIE software distribution directory. This should remove the OPIE software and 21022347Spstrestore the original system programs, but it will not work properly (and can 21122347Spsteven result in the total loss of the old system programs -- beware!) if the 21222347Spstinstallation procedure itself did not work properly. 21322347Spst 21429964Sache If you are running a release version, try installing the latest public 21529964Sachetest version (look around). These frequently have already fixed the problem 21629964Sacheyou are seeing, but may have new problems of their own (that's why they're 21792906Smarkmtest versions!). Similarly, if you are running a test version, try installing 21892906Smarkmthe latest released version. 21929964Sache 22022347Spst OPIE is NOT supported software. We don't promise to support you or 22122347Spsteven to acknowledge your mail, but we are interested in bug reports and are 22222347Spstreasonable folks. We also have an interest in seeing OPIE work on as many 22322347Spstsystems as we can. However, if your system doesn't meet the basic requirements 22422347Spstfor OPIE, this will probably require an unreasonable amount of effort. 22522347Spst 22622347Spst The best bug reports include a diagnosis of the problem and a fix. 22722347SpstYour bug report can still be valuable if you can at least diagnose what the 22822347Spstproblem is. If you just tell us "it doesn't work," then we won't be able to 22922347Spstdo anything to help you. 23022347Spst 23122347Spst We've received a number of bug reports from people that look 23222347Spstinteresting, only to find when we try to follow up on them that the user 23322347Spsteither has an invalid return address or never bothered to respond to our 23422347Spstfollowup. Please make sure that bug reports you send us have an electronic 23522347Spstmail address that we can reply to somewhere in them (if necessary, just 23622347Spstput it in the message body). If we send you a response and you are unable 23722347Spstto invest the time to work with us to solve the problem, please tell us -- 23822347Spstfew things are more irritating than when someone sends us information 23922347Spstabout a bug that we'd like to fix and then is never heard from again. 24022347Spst 24122347Spst We try to respond to all properly submitted bug reports. Improperly 24222347Spstsubmitted bug reports will be responded to only if we have time left after 24322347Spstresponding to properly submitted bug reports. We deliberately ignore bug 24422347Spst"reports" sent to mailing lists or USENET news groups instead of or before 24522347Spstour bug report address. At the least, the latter practice is lacking in 24622347Spstcourtesy. 24722347Spst 24822347Spst The file BUG-REPORT contains our bug reporting form. Please use it 24922347Spstand follow the submission instructions in that file. We are going to switch 25022347Spstto machine-parsed bug report processing sometime in the near future to make 25122347Spstit easier to coordinate bug hunting. 25222347Spst 25322347SpstGotchas 25422347Spst======= 25522347Spst 25659118Skris Solaris 2.x is just a lose. It does a lot of nonstandard and downright 25792906Smarkmbroken things. If you want OPIE to be reliable on your box, upgrade to OpenBSD 25859118Skrisor Linux. 25959118Skris 26022347Spst While an almost universal "feature", most people remain unaware that 26122347Spstan intruder can log into a system, then log in again by running the "login" 26222347Spstcommand from a shell. Because the second login is from the local host, the 26322347Spstutmp entry will not show a remote login host anymore. The OPIE replacement 26422347Spstfor /bin/login currently carries on this behavior for compatibility reasons. 26522347SpstIf you would like to prevent this from happening, you should change the 26622347Spstpermissions of /bin/login to 0100, thus preventing unprivileged users from 26722347Spstexecuting it. This fix should work on non-OPIE /bin/login programs as well. 26822347Spst 26922347Spst On 4.3BSDish systems, the supplied /bin/login replacement obtains 27022347Spstthe terminal type for the console comes from the console line in the /etc/ttys 27122347Spstfile. Several systems contain a default entry in this file that specifies the 27222347Spstconsole terminal type as "unknown". This is probably not what you want. 27322347Spst 27422347Spst The OPIE FTP daemon responds with two 530 error messages if you have 27522347Spstnot yet logged in and execute a command that will also do a PORT request. This 27622347Spstis a feature, not a bug, as the FTP client is really sending the server two 27722347Spstcommands (for instance, a PORT and a LIST if you tell your BSD FTP client to do 27822347Spsta DIR command) and the server is responding to each of them with an error. The 27922347Spststock BSD FTP daemon doesn't check the PORT commands to see if you are logged 28022347Spstin, so you would only get one error message. This change should not break any 28122347Spststandards-compliant FTP client, but there are a number of brain-damaged GUI 28222347Spstclients that have a track record for not dealing gracefully with any server 28322347Spstother than the stock BSD one. 28422347Spst 28522347Spst The /etc/opieaccess transition mechanism is, by definition, a security 28622347Spsthole in the OPIE software because an attacker could use it to circumvent the 28722347Spstrequirement for OPIE authentication. You should compile the software with 28822347Spstsupport for this file disabled unless you absolutely cannot use the software 28922347Spstwithout it because of your environment. If you do use this support for 29022347Spsttransition purposes, you should move people to OTP authentication as quickly 29122347Spstas possible and rebuild and reinstall OPIE with this transition support 29222347Spstdisabled so that you won't have a lurking security hole. 29322347Spst 29422347Spst If this wasn't already clear, do not let your sequence number fall 29522347Spstbelow about ten. If your sequence number reaches zero, your OTP sequence 29622347Spstcan only be reset by the superuser. System administrators should make this 29722347Spstcaveat known to their users. 29822347Spst 29922347Spst On Solaris 2.x systems (and possibly others) running NIS+, users 30022347Spstshould run keylogin(1) manually after login because opielogin(1) does not 30122347Spstdo that automatically like the system login(1) program. 30222347Spst 30322347Spst There are reports that some versions of GNU C Compiler (GCC) 30422347Spst(when installed on some systems) use their own termios(4) instead of 30522347Spstthe system's termios(4). This can cause problems. If you are having 30622347Spstcompilation problems that seem to relate to termios and you are using 30722347SpstGCC, you should probably verify that it is using the system's 30822347Spsttermios(4) and not some internal-to-GCC termios(4). One report 30922347Spstindicates that Sun's C compiler works fine with SunOS 4.1.3/4.1.4 on 31022347SpstSPARC, but that some version of GCC on the same system has this 31122347Spsttermios(4) problem. We haven't reproduced these problems ourselves 31222347Spstand hence aren't sure what is happening, but we pass this along for 31322347Spstyour information. (This may have something to do with the use of GNU 31422347Spstlibc) 31522347Spst 31622347Spst If a user has a valid entry in the opiekeys database but has an 31722347Spstasterisk in their traditional password entry, they will not be able to 31822347Spstlog in via opielogin, but opielogin will decrement their sequence number 31922347Spstif a valid response is received. 32022347Spst 32122347Spst On some systems, the OPIE login program does not always display 32229964Sachea "login:" prompt the first time. There is a race condition in many older 32329964Sachetelnetds that is probably the cause of this problem. This should be fixed by 32429964Sachereplacing your telnetd with the latest version of the stock telnetd 32529964Sache(ftp.cray.com:/src/telnet). 32622347Spst 32722347Spst The standard HPUX compiler is severely drain bamaged. One of the 32822347Spstworst parts is that it sometimes won't grok a symbol definition with forward 32922347Spstslashes in them properly and can choke badly on the definition of the key 33022347Spstfile's location. If this happens to you, install and use GCC. (This problem 33122347Spstmay or may not also come up with the optional HP ANSI C compiler -- we don't 33222347Spstknow for sure what compilers have this problem). 33322347Spst 33422347Spst As of OPIE 2.2, the seed is converted to lower case and its length is 33522347Spstchecked in order to comply with the OTP specification. If any of your users 33622347Spsthave seeds that use capital letters or are too long, they need to run the OPIE 33722347Spst2.2 opiepasswd program to re-initialize their sequence to one with a different 33822347Spstseed. 33922347Spst 34022347Spst opielogin is a replacement for /bin/login. It is NOT an OPIE "shell." 34122347SpstYou can use it as one, but don't be surprised if it doesn't behave the way 34229964Sacheyou expect -- we've seen various reports of success and failure when used this 34329964Sacheway. An OPIE "shell" is on the TODO list. 34422347Spst 34522347Spst Clients that use opiegen() will automatically send a re-initialization 34622347Spstextended response if the sequence number falls below ten. If the server does 34722347Spstnot support this, the user will need to log in using opiekey and reset his 34822347Spstsequence manually (using opiepasswd). 34922347Spst 35029964Sache For reasons that remain very unclear, Solaris passes the login name 35129964Sachefrom getty/telnetd to login by stuffing it in the terminal input buffer 35229964Sacheinstead of passing it on the command line like every other *IX. This is just 35329964Sacheplain broken. Solaris has other problems with its telnetd and getty; you may 35429964Sachewant to consider getting the telnet(d) sources (ftp.cray.com:/src/telnet) 35529964Sacheand reasonable getty sources (try sunsite.unc.edu:/pub/Linux/system/Serial, at 35629964Sacheleast one of agetty, mingetty, and getty_ps should work) and replacing the 35729964SacheSolaris versions with these. OPIE should work *much* more happily with these 35829964Sacheprograms than the ones that come with Solaris. However, there could be negative 35959118Skrisside effects -- this is not a procedure recommended for the faint of heart. 36029964Sache 36129964Sache OPIE is a lot more fussy than it used to be about lock files and where 36229964Sacheit puts them. The lock file directory must be a directory used only for OPIE 36329964Sachelock files. It must be a directory, owned by the superuser, and must be mode 36429964Sache0700. 36529964Sache 36692906Smarkm opieauto is a potential security hole. It opens a limited window of 36792906Smarkmexposure by transmitting and storing information that can be used to 36892906Smarkmgenerate one or more OTPs earlier than the current sequence number. Every 36992906Smarkmeffort has been made to limit the potential for compromise to the user- 37092906Smarkmspecified window. However, an attacker with superuser priveleges or access to 37192906Smarkmyour account on the client system can still generate OTPs based on the 37292906Smarkminformation cached via opieauto. In practice, there are other ways for such an 37392906Smarkman attacker to get your entire secret pass phrase, so this is probably not 37492906Smarkmcreating a significant new security problem. However, because of this 37592906Smarkmpotential for problems and because opieauto uses system features that are not 37692906Smarkmpresent on all systems, opieauto support is not compiled in by default and 37792906Smarkmmust be specifically enabled at compile time. 37892906Smarkm 37992906Smarkm Many users are running OPIE with the key file on a shared NFS volume 38092906Smarkmin order to use OTP as a single-login system for a cluster of machines. OPIE 38192906Smarkmwas NOT designed to be operated this way, though it does seem to work. If it 38292906Smarkmfails or if this proves insecure, this is not OPIE's fault. Note that, if you 38392906Smarkmdo this, you probably want to share the OPIE lock files too. 38492906Smarkm 38522347SpstGripes 38622347Spst====== 38722347Spst 38822347Spst Is it too much to ask that certain OS vendors just do the right thing 38929964Sacheand not "fix" what isn't broken? (Look at all the ifdefs in the OPIE code and 39022347Spstthe answer is clear) 39122347Spst 39229964Sache utmp and wtmp handling in OPIE has been a very, very sore subject. 39329964SacheEvery vendor does things differently, and, of course, most of them swear they 39429964Sacheare complying to some or other "standard." My (cmetz) conclusion is that the 39529964Sacheonly thing that is standard about utmp and wtmp handling is that it will be 39629964Sachenonstandard on any given system. I've tried a lot of things and I've wasted 39729964Sache*a lot* of time on trying to make utmp and wtmp handling work for everybody; 39892906Smarkmmy conclusion is that it will never happen. While I am still interested in 39992906Smarkmhearing about fixes for utmp/wtmp on systems where they don't work, I'm not 40092906Smarkmlikely to go out of my way to fix utmp/wtmp handling. If you want it fixed, 40192906Smarkmthe best way to do it is to fix it yourself and contribute a patch. As long as 40292906Smarkmthe patch is reasonable, it will be included in the next release. If you can't 40392906Smarkmwait, use the --disable-utmp option. 40429964Sache 40522347SpstCredits 40622347Spst======= 40722347Spst 40822347Spst First and foremost credit goes to Phil Karn, Neil M. Haller, and John 40922347SpstS. Walden of Bellcore for creating the S/Key Version 1 software distribution 41022347Spstand for making its source code freely available to the public. Without their 41122347Spstwork, OPIE would not exist. Neil has also invested a good amount of his time 41222347Spstin the development of a standard for One-Time Passwords so that packages like 41322347SpstOPIE can interoperate. 41422347Spst 41522347Spst The first NRL OPIE distribution included modifications made primarily 41622347Spstby Dan McDonald of the U.S. Naval Research Laboratory (NRL) during March 1994. 41722347SpstThe 2nd NRL OPIE distribution, which has a number of improvements in areas 41822347Spstsuch as portability of software and ease of installation, is primarily the 41922347Spstwork of Ran Atkinson and Craig Metz. Other NRL contributors include Brian 42022347SpstAdamson, Steve Batsell, Preston Mullen, Bao Phan, Jim Ramsey, and Georg Thomas. 42122347Spst 42222347Spst Some of version 2.2 was developed at NRL and released as a work in 42322347Spstprogress. Most of the release version was developed by Craig Metz (also of 42422347SpstNRL), others at The Inner Net, and contributors from the Internet community. 42522347SpstVersions beyond 2.2 were developed outside NRL, so don't blame them if they 42622347Spstdon't work (But please credit them when it does. Without the NRL effort, there 42722347Spstwouldn't be an OPIE). 42822347Spst 42922347Spst We would like to also thank everyone who helped us by by beta testing, 43022347Spstreporting bugs, suggesting improvements, and/or sending us patches. We 43122347Spstappreciate your contributions -- they have helped to make OPIE more of a 43222347Spstcommunity effort. These contributors include: 43322347Spst 43422347Spst Mowgli Assor 43522347Spst Lawrie Brown 43629964Sache Andrew Davis 43792906Smarkm Taso N. Devetzis 43892906Smarkm Carson Gaspar 43959118Skris Dennis Glatting 44059118Skris Ben Golding 44122347Spst Axel Grewe 44222347Spst "Hobbit" 44329964Sache Kojima Hajime 44422347Spst Darren Hosking 44592906Smarkm Matt Hucke 44692906Smarkm Kenji Kamizono 44759118Skris Charles Karney 44859118Skris Jeff Kletsky 44992906Smarkm Peter Koch 45022347Spst Martijn Koster 45122347Spst Osamu Kurati 45222347Spst Ayamura Kikuchi 45359118Skris Ronald van der Meer 45492906Smarkm Bret Musser 45529964Sache Hiroshi Nakano 45622347Spst Ikuo Nakagawa 45722347Spst Angelo Neri 45829964Sache C. R. Oldham 45992906Smarkm Ossama Othman 46022347Spst D. Jason Penney 46122347Spst John Perkins 46259118Skris Steve Price 46322347Spst Jim Simmons 46459118Skris Steve Simmons 46529964Sache Brad Smith 46622347Spst Werner Wiethege 46759118Skris Ken-ichi Yamasaki 46822347Spst Wietse Venema 46922347Spst 47022347Spst OPIE development at NRL was sponsored by the Information Security 47122347SpstProgram Office (PD 71E), U.S. Space and Naval Warfare Systems Command, Crystal 47222347SpstCity, Virginia. 47322347Spst 47422347Spst If you have problems with OPIE, please follow the instructions under 47522347Spst"If OPIE Doesn't Work." Under NO circumstances should you send trouble 47692906Smarkmreports directly to the authors or contributors. They WILL BE IGNORED. 47722347Spst 47822347SpstTrademarks 47922347Spst========== 48022347SpstS/Key is a trademark of Bell Communications Research (Bellcore). 48122347SpstUNIX is a trademark of X/Open. 48222347SpstNRL is a trademark of the U. S. Naval Research Laboratory. 48322347Spst 48422347SpstAll other trademarks are trademarks of their respective owners. 48522347Spst 48622347SpstThe term "OPIE" is in the public domain and hence cannot be legally 48792906Smarkmtrademarked by anyone. Please do not abuse it. 48822347Spst 48922347SpstCopyrights 49022347Spst========== 49129964Sache%%% portions-copyright-cmetz-96 49292906SmarkmPortions of this software are Copyright 1996-1999 by Craig Metz, All Rights 49322347SpstReserved. The Inner Net License Version 2 applies to these portions of 49422347Spstthe software. 49522347SpstYou should have received a copy of the license with this software. If 49622347Spstyou didn't get a copy, you may request one from <license@inner.net>. 49722347Spst 49822347SpstPortions of this software are Copyright 1995 by Randall Atkinson and Dan 49922347SpstMcDonald, All Rights Reserved. All Rights under this copyright are assigned 50022347Spstto the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and 50122347SpstLicense Agreement applies to this software. 50222347Spst 50322347SpstPortions of this software are copyright 1980-1990 Regents of the 50422347SpstUniversity of California, all rights reserved. The Berkeley Software 50522347SpstLicense Agreement specifies the terms and conditions for redistribution. 50622347Spst 50722347SpstPortions of this software are copyright 1990 Bell Communications Research 50822347Spst(Bellcore), all rights reserved. 509