Consistently use "secret passphrase" for the passphrase made up by the user

and "one-time password" for the generated passwords.
ok jmc@ millert@

4 files changed, 33 insertions, 22 deletions

diff --git a/usr.bin/skey/skey.1 b/usr.bin/skey/skey.1
index 74a9a2dea76..494b72a5536 100644
--- a/usr.bin/skey/skey.1
+++ b/usr.bin/skey/skey.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: skey.1,v 1.23 2003/08/08 10:13:33 jmc Exp $
+.\" $OpenBSD: skey.1,v 1.24 2004/06/04 18:18:20 otto Exp $
 .\"	@(#)skey.1	1.1 	10/28/93
 .\"
 .Dd October 28, 1993
@@ -15,7 +15,7 @@
 .Fl rmd160
 .Oc
 .Op Fl n Ar count
-.Op Fl p Ar passwd
+.Op Fl p Ar passphrase
 <sequence#>[/] key
 .Sh DESCRIPTION
 .Nm S/Key
@@ -29,6 +29,16 @@ This implementation of
 .Nm S/Key
 is RFC 2289 compliant.
 .Pp
+Before using
+.Nm skey
+the system needs to be initialized using
+.Xr skeyinit 1 ;
+this will establish a secret passphrase.
+After that, one-time passwords can be generated using
+.Nm skey ,
+which will prompt for the secret passphrase.
+After a one-time password has been used to log in, it can no longer be used.
+.Pp
 When
 .Nm skey
 is invoked as
@@ -40,9 +50,9 @@ as the hash function where
 .Ar method
 is currently one of md4, md5, sha1, or rmd160.
 .Pp
-If you misspell your password while running
+If you misspell your secret passphrase while running
 .Nm skey ,
-you will get a list of passwords
+you will get a list of one-time passwords
 that will not work, and no indication of the problem.
 .Pp
 Password sequence numbers count backwards.
@@ -57,12 +67,12 @@ Prints out
 .Ar count
 one-time passwords.
 The default is to print one.
-.It Fl p Ar password
+.It Fl p Ar passphrase
 Uses
-.Ar password
-as the secret password.
+.Ar passphrase
+as the secret passphrase.
 Use of this option is discouraged as
-your secret password could be visible in a process listing.
+your secret passphrase could be visible in a process listing.
 .It Fl x
 Causes output to be in hexadecimal instead of ASCII.
 .It Fl md4
@@ -78,7 +88,7 @@ Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm.
 .sp 0
     % skey 99 th91334
 .sp 0
-    Enter secret password: <your secret password is entered here>
+    Enter secret passphrase: <your secret passphrase is entered here>
 .sp 0
     OMEN US HORN OMIT BACK AHOY
 .sp 0
diff --git a/usr.bin/skey/skey.c b/usr.bin/skey/skey.c
index 677e60b9ef7..e5b0b36cbc5 100644
--- a/usr.bin/skey/skey.c
+++ b/usr.bin/skey/skey.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: skey.c,v 1.19 2003/06/10 18:24:40 deraadt Exp $	*/
+/*	$OpenBSD: skey.c,v 1.20 2004/06/04 18:18:20 otto Exp $	*/
 /*
  * OpenBSD S/Key (skey.c)
  *
@@ -114,17 +114,17 @@ main(int argc, char *argv[])
 		seed = argv[++i];
 	}
 
-	/* Get user's secret password */
+	/* Get user's secret passphrase */
 	if (!pass) {
 		fputs("Reminder - Do not use this program while"
 		    " logged in via telnet.\n", stderr);
-		(void)fputs("Enter secret password: ", stderr);
+		(void)fputs("Enter secret passphrase: ", stderr);
 		readpass(passwd, sizeof(passwd));
 		if (passwd[0] == '\0') 
 			exit(1);
 	}
 
-	/* Crunch seed and password into starting key */
+	/* Crunch seed and passphrase into starting key */
 	if (keycrunch(key, seed, passwd) != 0)
 		errx(1, "key crunch failed");
 
@@ -151,6 +151,6 @@ usage(char *s)
 {
 	fprintf(stderr,
 	    "Usage: %s [-x] [-md4|-md5|-sha1|-rmd160] [-n count] "
-	    "[-p password] <sequence#>[/] key\n", s);
+	    "[-p passphrase] <sequence#>[/] key\n", s);
 	exit(1);
 }
diff --git a/usr.bin/skeyinit/skeyinit.1 b/usr.bin/skeyinit/skeyinit.1
index 6ebe845f013..4195428ed0d 100644
--- a/usr.bin/skeyinit/skeyinit.1
+++ b/usr.bin/skeyinit/skeyinit.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: skeyinit.1,v 1.26 2003/06/10 09:12:11 jmc Exp $
+.\"	$OpenBSD: skeyinit.1,v 1.27 2004/06/04 18:18:20 otto Exp $
 .\"	$NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
 .\"	@(#)skeyinit.1	1.1 	10/28/93
 .\"
@@ -26,14 +26,16 @@
 .Sh DESCRIPTION
 .Nm
 initializes the system so you can use S/Key one-time passwords to login.
-The program will ask you to enter a secret pass phrase;
+The program will ask you to enter a secret passphrase which is used by
+.Xr skey 1
+to generate one-time passwords;
 enter a phrase of several words in response.
 After the S/Key database
 has been updated you can login using either your regular password
 or using S/Key one-time passwords.
 .Pp
 .Nm
-requires you to type a secret password, so it should be used
+requires you to type a secret passphrase, so it should be used
 only on a secure terminal.
 For example, on the console of a
 workstation or over an encrypted network session.
@@ -80,7 +82,7 @@ machine to generate the first one-time password.
 Without the
 .Fl s
 option the system will assume you are directly connected over secure
-communications and prompt you for your secret password.
+communications and prompt you for your secret passphrase.
 The
 .Fl s
 option also allows one to set the seed and count for complete
@@ -114,10 +116,9 @@ defeats the purpose of using
 .Dq secure
 mode.
 .It Fl x
-Displays pass phrase in hexadecimal instead of ASCII.
+Displays one-time password in hexadecimal instead of ASCII.
 .It Fl a Ar auth-type
 Specify an authentication type such as
-.Dq krb4 ,
 .Dq krb5
 or
 .Dq passwd .
diff --git a/usr.bin/skeyinit/skeyinit.c b/usr.bin/skeyinit/skeyinit.c
index a72d24ec983..f86687cfa19 100644
--- a/usr.bin/skeyinit/skeyinit.c
+++ b/usr.bin/skeyinit/skeyinit.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: skeyinit.c,v 1.45 2003/11/26 00:05:27 espie Exp $	*/
+/*	$OpenBSD: skeyinit.c,v 1.46 2004/06/04 18:18:20 otto Exp $	*/
 
 /* OpenBSD S/Key (skeyinit.c)
  *
@@ -412,7 +412,7 @@ normal_mode(char *username, int n, char *key, char *seed)
 		if (i > 2)
 			errx(1, "S/Key entry not updated");
 
-		if (readpassphrase("Enter secret passphrase: ", passwd,
+		if (readpassphrase("Enter new secret passphrase: ", passwd,
 		    sizeof(passwd), 0) == NULL || passwd[0] == '\0')
 			exit(1);