KEYINIT(1)                                             KEYINIT(1)

NAME
       keyinit  -   Change  password  or  add  user to S/Key
       authentication system.

SYNOPSIS
       keyinit [-s] [<user ID >]

DESCRIPTION
       keyinit initializes the system so you can  use  S/Key
       one-time  passwords  to  login.  The program will ask
       you to enter a secret pass phrase; enter a phrase  of
       several  words  in response. After the S/Key database
       has been updated you can login using either your reg-
       ular UNIX password or using S/Key one-time passwords.

       When logging in from another machine  you  can  avoid
       typing  a  real  password over the network, by typing
       your S/Key pass phrase to  the  key  command  on  the
       local  machine:   the  program  will respond with the
       one-time password that you should use to log into the
       remote  machine.  This is most conveniently done with
       cut-and-paste operations  using  a  mouse.   Alterna-
       tively,  you can pre-compute one-time passwords using
       the key command and carry them with you on a piece of
       paper.

       keyinit requires you to type your secret password, so
       it should be used only  on  a  secure  terminal.  For
       example,  on the console of a workstation. If you are
       using keyinit while logged in over an untrusted  net-
       work, follow the instructions given below with the -s
       option.

OPTIONS
       -s     Set secure mode where the user is expected  to
              have  used  a  secure  machine to generate the
              first one time password.  Without the  -s  the
              system  will  assume  you are direct connected
              over secure communications and prompt you  for
              your  secret  password.   The  -s  option also
              allows one to set the seed and count for  com-
              plete  control of the parameters.  You can use
              keyinit -s in combination with the key command
              to  set  the seed and count if you do not like
              the defaults.  To do this run keyinit  in  one
              window and put in your count and seed then run
              key in another window to generate the  correct
              6  English  words for that count and seed. You
              can then "cut" and "paste" them or  copy  them
              into the keyinit window.

                           20 July 1993                         1

KEYINIT(1)                                             KEYINIT(1)

       <user ID> the ID for the user to be changed/added

DIAGNOSTICS
FILES
       /etc/skeykeys data base of information for S/Key sys-
              tem.

BUGS
SEE ALSO
       skey(1), key(1), keysu(1), keyinfo(1)

AUTHOR
       Command by Phil Karn, Neil M. Haller, John S. Walden

                           20 July 1993                         2