author | Todd C. Miller <millert@cvs.openbsd.org> | 1996-09-30 18:49:56 +0000
---|---|---
committer | Todd C. Miller <millert@cvs.openbsd.org> | 1996-09-30 18:49:56 +0000
commit | 2d1d6fd25ad4f5c756415001d9ae5ea5c383706c |
tree | bb1b220c4ea7314e968151cf9b83681781106532 /usr.bin |
parent | 5fe6301c5a761865b75159f5af6f09739ac9a0b6 |
Fixed up docs and improved skeyinit's passwd prompt.
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/skey/skey.1 | 71
-rw-r--r-- | usr.bin/skey/skeyinfo.1 | 7
-rw-r--r-- | usr.bin/skeyinit/skeyinit.1 | 63
-rw-r--r-- | usr.bin/skeyinit/skeyinit.c | 4
4 files changed, 89 insertions, 56 deletions
diff --git a/usr.bin/skey/skey.1 b/usr.bin/skey/skey.1 index 11cfcfeda10..3675c774f98 100644 --- a/usr.bin/skey/skey.1 +++ b/usr.bin/skey/skey.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: skey.1,v 1.4 1996/09/29 23:04:57 millert Exp $ +.\" $OpenBSD: skey.1,v 1.5 1996/09/30 18:49:52 millert Exp $ .\" @(#)skey.1 1.1 10/28/93 .\" .Dd 28 October 1993 @@ -18,40 +18,8 @@ .Nm S/key is a procedure for using one time passwords to authenticate access to computer systems. It uses 64 bits of information transformed by the -MD4 and MD5 algorithms. The user supplies the 64 bits in the form of 6 -English words that are generated by a secure computer. -Example use of the S/key program -.Xr skey 1 : -.sp -.sp 0 - % skey 99 th91334 -.sp 0 - Enter secret password: <your secret password is entered here> -.sp 0 - OMEN US HORN OMIT BACK AHOY -.sp 0 - % -.Pp -The options are as follows: -.Bl -tag -width Ds -.It Fl n Ar count -Prints out -.Ar count -one time passwords. The default is to print one. -.It Fl p Ar password -Uses -.Ar password -as the secret password. Use of this option is discouraged as -your secret password could be visible in a process listing. -.It Fl x -causes output to be in hexidecimal instead of ASCII. -.It Fl md4 -Selects MD4 as the hash algorithm. -.It Fl md5 -Selects MD5 as the hash algorithm. -.It Fl sha1 -Selects SHA (NIST Secure Hash Algorithm Revision 1) as the hash algorithm. -.El +MD4, MD5, or SHA1 algorithms. The user supplies the 64 bits in the form +of 6 English words that are generated by a secure computer. .Pp When .Nm skey 
@@ -65,14 +33,43 @@ as the hash function where is currently one of md4, md5, or sha1. .Pp If you misspell your password while running -.Xr skey 1 , +.Nm skey , you will get a list of passwords that will not work, and no indication about the problem. .Pp Password sequence numbers count backward from 99. You can enter the passwords using small letters, even though -.Xr skey 1 +.Nm skey prints them capitalized. +.Sh OPTIONS +.Bl -tag -width Ds +.It Fl n Ar count +Prints out +.Ar count +one time passwords. The default is to print one. +.It Fl p Ar password +Uses +.Ar password +as the secret password. Use of this option is discouraged as +your secret password could be visible in a process listing. +.It Fl x +causes output to be in hexidecimal instead of ASCII. +.It Fl md4 +Selects MD4 as the hash algorithm. +.It Fl md5 +Selects MD5 as the hash algorithm. +.It Fl sha1 +Selects SHA1 (NIST Secure Hash Algorithm Revision 1) as the hash algorithm. +.El +.Sh EXAMPLE +.sp 0 + % skey 99 th91334 +.sp 0 + Enter secret password: <your secret password is entered here> +.sp 0 + OMEN US HORN OMIT BACK AHOY +.sp 0 + % .Sh SEE ALSO .Xr skeyinit 1 , .Xr skeyinfo 1 diff --git a/usr.bin/skey/skeyinfo.1 b/usr.bin/skey/skeyinfo.1 index cf0b47c6797..86523eaaa61 100644 --- a/usr.bin/skey/skeyinfo.1 +++ b/usr.bin/skey/skeyinfo.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: skeyinfo.1,v 1.2 1996/06/26 05:39:22 deraadt Exp $ +.\" $OpenBSD: skeyinfo.1,v 1.3 1996/09/30 18:49:53 millert Exp $ .\" .\" .Dd 9 June 1994 @@ -14,6 +14,11 @@ .Nm skeyinfo prints out the next S/Key challenge for the specified user or for the current user if no user is specified. +.Sh EXAMPLE +% skey -n <number of passwords to print> `skeyinfo` | lpr +.sp +This would print out a list of S/Key passwords for use over +an untrusted network (perhaps for use at a conference). .Sh SEE ALSO .Xr skeyinit 1 , .Xr skey 1 diff --git a/usr.bin/skeyinit/skeyinit.1 b/usr.bin/skeyinit/skeyinit.1 index f4054150e3f..396b74d206c 100644 
--- a/usr.bin/skeyinit/skeyinit.1 +++ b/usr.bin/skeyinit/skeyinit.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: skeyinit.1,v 1.6 1996/09/29 23:04:58 millert Exp $ +.\" $OpenBSD: skeyinit.1,v 1.7 1996/09/30 18:49:54 millert Exp $ .\" $NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $ .\" @(#)skeyinit.1 1.1 10/28/93 .\" @@ -6,7 +6,7 @@ .Dt SKEYINIT 1 .Os NetBSD 4 .Sh NAME -.Nm S/key +.Nm skeyinit .Nd change password or add user to S/Key authentication system. .Sh SYNOPSIS .Nm skeyinit 
@@ -15,25 +15,56 @@ .Op Ar user .Sh DESCRIPTION .Nm skeyinit -will initialize the system information to allow a user to use -their S/Key to login. -You should use a secure login connection to generate -your first one time password. +initializes the system so you can use S/Key one-time passwords +to login. The program will ask you to enter a secret pass phrase; +enter a phrase of several words in response. After the S/Key database +has been updated you can login using either your regular password +or using S/Key one-time passwords. +.Pp +.Nm skeyinit +requires you to type a secret password, so it should be used +only on a secure terminal. For example, on the console of a +workstation or over an encrypted network session. If you are +using +.Nm skeyinit +while logged in over an untrusted network, follow the instructions +given below with the +.Fl s +option. +.Pp +Before initializing an S/Key entry, the user must authenticate +using either a standard password or an S/Key challenge. When used +over an untrusted network, a password of +.Sq s/key +should be used. The user will then be presented with the standard +S/Key challenge and allowed to proceed if it is correct. .Sh OPTIONS .Bl -tag -width Ds .It Fl x -displays pass phrase in hexidecimal instead of ASCII. +Displays pass phrase in hexidecimal instead of ASCII. .It Fl s -allows the user to set the seed and count for complete control -of the parameters. -To do this run skeyinit in one window and put in your count and seed; -then run +Set secure mode where the user is expected to have used a secure +machine to generate the first one time password. Without the +.Fl s +the system will assume you are direct connected over secure +communications and prompt you for your secret password. The +.Fl s +option also allows one to set the seed and count for complete +control of the parameters. 
You can use +.Dq skeyinit -s +in combination with the .Nm skey -in another window to generate the correct 6 english words -for that count and seed. -You can then "cut-and-paste" or type the words into the skeyinit window. +command to set the seed and count if you do not like the defaults. +To do this run +.Nm skeyinit +in one window and put in your count and seed, then run +.Nm skey +in another window to generate the correct 6 english words for that +count and seed. You can then "cut-and-paste" or type the words into the +.Nm skeyinit +window. .It Fl z -allows the user to zero their S/Key entry. +Allows the user to zero their S/Key entry. .It Fl md4 Selects MD4 as the hash algorithm. .It Fl md5 @@ -41,7 +72,7 @@ Selects MD5 as the hash algorithm. .It Fl sha1 Selects SHA (NIST Secure Hash Algorithm Revision 1) as the hash algorithm. .It Ar user -the username to be changed/added. By default the current user is +The username to be changed/added. By default the current user is operated on. .Sh FILES .Bl -tag -width /etc/skeykeys diff --git a/usr.bin/skeyinit/skeyinit.c b/usr.bin/skeyinit/skeyinit.c index 23f9a72700b..eb4271489f9 100644 --- a/usr.bin/skeyinit/skeyinit.c +++ b/usr.bin/skeyinit/skeyinit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: skeyinit.c,v 1.10 1996/09/30 06:30:43 millert Exp $ */ +/* $OpenBSD: skeyinit.c,v 1.11 1996/09/30 18:49:55 millert Exp $ */ /* $NetBSD: skeyinit.c,v 1.6 1995/06/05 19:50:48 pk Exp $ */ /* S/KEY v1.1b (skeyinit.c) @@ -116,7 +116,7 @@ main(argc, argv) salt = pp->pw_passwd; if (getuid() != 0) { - pw = getpass("Password:"); + pw = getpass("Password (or `s/key'):"); if (strcasecmp(pw, "s/key") == 0) { if (skey_haskey(me)) exit(1); |
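
Review bot: In usr.bin/skey/skey.1 (hunk @@ -65,14 +33,43 @@), the relocated `.It Fl x` entry under the new `.Sh OPTIONS` still reads "causes output to be in hexidecimal". Since the text is being re-added anyway, spell it "hexadecimal" and capitalize "Causes" to match the other entries; skeyinit.1 capitalizes its own `-x` entry in this same commit. The new `.Sh EXAMPLE` also carries over the `.sp 0` spacing lines from the old text, where a literal display would set the sample session more cleanly.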
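
Review bot: In usr.bin/skey/skeyinfo.1 (hunk @@ -14,6 +14,11 @@), the new `.Sh EXAMPLE` pipes a batch of one-time passwords to `lpr` without saying how the printout should be handled. Add a sentence stating that the printed list is as sensitive as the passwords themselves and must be kept physically secure, and that each entry is usable only once. The placeholder `<number of passwords to print>` would also read better as `.Ar count`, matching the `-n` entry in skey.1.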
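
Review bot: In usr.bin/skeyinit/skeyinit.1 (hunk @@ -15,25 +15,56 @@), the new DESCRIPTION text "For example, on the console of a workstation or over an encrypted network session." is a sentence fragment; join it to the preceding sentence about using the program only on a secure terminal. In the same hunk, "to login" and "you can login" should use the verb form "log in", "direct connected" should be "directly connected", and the rewritten `-x` entry keeps the misspelling "hexidecimal".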
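
Review bot: In usr.bin/skeyinit/skeyinit.1 (hunk @@ -41,7 +72,7 @@), `.Sh FILES` follows the `.It Ar user` entry directly, so the `.Bl -tag -width Ds` list opened under OPTIONS is never closed; add `.El` before `.Sh FILES`. The unchanged `-sha1` line in this hunk still reads "Selects SHA" while skey.1 was changed to "Selects SHA1" in this commit, so the two pages now disagree.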
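
Review bot: In usr.bin/skeyinit/skeyinit.c (hunk @@ -116,7 +116,7 @@), the prompt now advertises `s/key`, but the branch that handles it runs `if (skey_haskey(me)) exit(1);` with no message in the lines shown, so a user who follows the prompt and fails that check gets a silent exit. Print a diagnostic before exiting. Because the comparison is `strcasecmp(pw, "s/key")`, any capitalization of that string is treated as a request for a challenge rather than as a password, which deserves a sentence in skeyinit.1.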