docs: Added All OpenBSD Manuals

1 files changed, 193 insertions, 0 deletions

diff --git a/static/openbsd/man1/skeyinit.1 b/static/openbsd/man1/skeyinit.1
new file mode 100644
index 00000000..01e3855c
--- /dev/null
+++ b/static/openbsd/man1/skeyinit.1
@@ -0,0 +1,193 @@
+.\"	$OpenBSD: skeyinit.1,v 1.43 2022/03/31 17:27:27 naddy Exp $
+.\"	$NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
+.\"	@(#)skeyinit.1	1.1 	10/28/93
+.\"
+.Dd $Mdocdate: March 31 2022 $
+.Dt SKEYINIT 1
+.Os
+.Sh NAME
+.Nm skeyinit
+.Nd change password or add user to S/Key authentication system
+.Sh SYNOPSIS
+.Nm skeyinit
+.Bk -words
+.Op Fl DErsx
+.Op Fl a Ar auth-type
+.Op Fl n Ar count
+.Op Fl md5 | rmd160 | sha1
+.Op Ar user
+.Ek
+.Sh DESCRIPTION
+.Nm
+initializes the system so you can use S/Key one-time passwords to log in.
+The program will ask you to enter a secret passphrase which is used by
+.Xr skey 1
+to generate one-time passwords:
+enter a phrase of several words in response.
+After the S/Key database
+has been updated, you can log in using either your regular password
+or using S/Key one-time passwords.
+.Pp
+.Nm
+requires you to type a secret passphrase, so it should be used
+only on a secure terminal.
+For example, on the console of a
+workstation or over an encrypted network session.
+If you are using
+.Nm
+while logged in over an untrusted network, follow the instructions
+given below with the
+.Fl s
+option.
+.Pp
+Before initializing an S/Key entry, the user must authenticate
+using either a standard password or an S/Key challenge.
+To use a one-time password for initial authentication,
+.Ic skeyinit -a skey
+can be used.
+The user will then be presented with the standard
+S/Key challenge and allowed to proceed if it is correct.
+.Pp
+.Nm
+prints a sequence number and a one-time password.
+This password can't be used to log in; one-time passwords should be
+generated using
+.Xr skey 1
+first.
+The one-time password printed by
+.Nm
+can be used to verify if the right passphrase has been given to
+.Xr skey 1 .
+The one-time password with the corresponding sequence number printed by
+.Xr skey 1
+should match the one printed by
+.Nm .
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl a Ar auth-type
+Before an S/Key entry can be initialised,
+the user must authenticate themselves to the system.
+This option allows the authentication type to be specified, such as
+.Dq passwd
+or
+.Dq skey .
+.It Fl D
+Disables access to the S/Key database.
+Only the superuser may use the
+.Fl D
+option.
+.It Fl E
+Enables access to the S/Key database.
+Only the superuser may use the
+.Fl E
+option.
+.It Fl md5 | rmd160 | sha1
+Selects the hash algorithm:
+MD5, RMD-160 (160-bit Ripe Message Digest),
+or SHA1 (NIST Secure Hash Algorithm Revision 1).
+.It Fl n Ar count
+Start the
+.Nm skey
+sequence at
+.Ar count
+(default is 100).
+.It Fl r
+Removes the user's S/Key entry.
+.It Fl s
+Secure mode.
+The user is expected to have already used a secure
+machine to generate the first one-time password.
+Without the
+.Fl s
+option the system will assume you are directly connected over secure
+communications and prompt you for your secret passphrase.
+The
+.Fl s
+option also allows one to set the seed and count for complete
+control of the parameters.
+.Pp
+When the
+.Fl s
+option is specified,
+.Nm
+will try to authenticate the user via S/Key, instead of the default listed in
+.Pa /etc/login.conf .
+If a user has no entry in the S/Key database, an alternate authentication
+type must be specified via the
+.Fl a
+option
+(see above).
+Entering a password or passphrase in plain text
+defeats the purpose of using
+.Dq secure
+mode.
+.Pp
+You can use
+.Ic skeyinit -s
+in combination with the
+.Nm skey
+command to set the seed and count if you do not like the defaults.
+To do this run
+.Ic skeyinit -s
+in one window and put in your count and seed, then run
+.Xr skey 1
+in another window to generate the correct 6 English words for that
+count and seed.
+You can then "cut-and-paste" or type the words into the
+.Nm
+window.
+.It Fl x
+Displays one-time passwords in hexadecimal instead of ASCII.
+.It Ar user
+The username to be changed/added.
+By default the current user is operated on.
+.El
+.Sh FILES
+.Bl -tag -width /etc/login.conf -compact
+.It Pa /etc/login.conf
+file containing authentication types
+.It Pa /etc/skey
+directory containing user entries for S/Key
+.El
+.Sh EXAMPLES
+.Bd -literal
+$ skeyinit
+Password: \*(Ltenter your regular password here\*(Gt
+[Updating user with md5]
+Old seed: [md5] host12377
+Enter new secret passphrase: \*(Lttype a new passphrase here\*(Gt
+Again secret passphrase: \*(Ltagain\*(Gt
+ID user skey is otp-md5 100 host12378
+Next login password: CITE BREW IDLE CAIN ROD DOME
+$ otp-md5 -n 3 100 host12378
+Enter secret passphrase: \*(Lttype your passphrase here\*(Gt
+98: WERE TUG EDDY GEAR GILL TEE
+99: NEAR HA TILT FIN LONG SNOW
+100: CITE BREW IDLE CAIN ROD DOME
+.Ed
+.Pp
+The one-time password for the next login will have sequence number 99.
+.Sh DIAGNOSTICS
+.Bl -tag -compact -width "skey disabled"
+.It "skey disabled"
+.Pa /etc/skey
+does not exist or is not accessible by the user.
+The superuser may enable
+.Nm
+via the
+.Fl E
+flag.
+.El
+.Sh SEE ALSO
+.Xr skey 1 ,
+.Xr skeyaudit 1 ,
+.Xr skeyinfo 1 ,
+.Xr skey 5 ,
+.Xr skeyprune 8
+.Sh AUTHORS
+.An Phil Karn
+.An Neil M. Haller
+.An John S. Walden
+.An Scott Chasin
+.An Todd Miller