SKEYINIT(1)                OpenBSD Reference Manual                SKEYINIT(1)

NAME
     skeyinit - change password or add user to S/Key authentication system



SYNOPSIS
     skeyinit [-s] [-z] [-n count] [-md4 | -md5 | -sha1 | -rmd160] [user]

DESCRIPTION
     skeyinit initializes the system so you can use S/Key one-time passwords
     to login.  The program will ask you to enter a secret pass phrase; enter
     a phrase of several words in response. After the S/Key database has been
     updated you can login using either your regular password or using S/Key
     one-time passwords.

     skeyinit requires you to type a secret password, so it should be used on-
     ly on a secure terminal.  For example, on the console of a workstation or
     over an encrypted network session.  If you are using skeyinit while
     logged in over an untrusted network, follow the instructions given below
     with the -s option.

     Before initializing an S/Key entry, the user must authenticate using ei-
     ther a standard password or an S/Key challenge.  When used over an un-
     trusted network, a password of `s/key' should be used.  The user will
     then be presented with the standard S/Key challenge and allowed to pro-
     ceed if it is correct.

OPTIONS
     -x       Displays pass phrase in hexadecimal instead of ASCII.

     -s       Set secure mode where the user is expected to have used a secure
              machine to generate the first one-time password.  Without the -s
              option the system will assume you are directly connected over
              secure communications and prompt you for your secret password.
              The -s option also allows one to set the seed and count for com-
              plete control of the parameters.  You can use ``skeyinit -s'' in
              combination with the skey command to set the seed and count if
              you do not like the defaults.  To do this run skeyinit in one
              window and put in your count and seed, then run skey in another
              window to generate the correct 6 English words for that count
              and seed.  You can then "cut-and-paste" or type the words into
              the skeyinit window.

     -z       Allows the user to zero their S/Key entry.

     -n count
              Start the skey sequence at count (default is 100).

     -md4     Selects MD4 as the hash algorithm.

     -md5     Selects MD5 as the hash algorithm.

     -sha1    Selects SHA (NIST Secure Hash Algorithm Revision 1) as the hash
              algorithm.

     -rmd160  Selects RMD-160 (160 bit Ripe Message Digest) as the hash algo-
              rithm.

     user     The username to be changed/added. By default the current user is
              operated on.

ERRORS
     skey disabled  /etc/skeykeys does not exist.  It must be created by the
                    superuser in order to use skeyinit.

FILES
     /etc/skeykeys  database of information for S/Key system

SEE ALSO
     skey(1)

AUTHORS
     Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin

OpenBSD 2.6                    February 24, 1998                             2