NetBSD-Users archive


Re: skey



BC> I can't figure out how to use the skey login for telnet

It's pretty simple.

(1.) Make sure you have telnet enabled, typically by uncommenting
     it in /etc/inetd.conf and "pkill -1 inetd".

(2.) As the user who wants to make use of SKEYs, run  skeyinit  once.
     You don't need any parameters.
     You will have to provide some "secret password" used as some of the
     generators of the SKEY sequences.  You can simply reuse your
     standard login password or choose a new secret.

     skeyinit   will end with some info like:

	ID cartwright skey is otp-md4 100 hack123456
	Next login password: DIRT THUD ABLE IFFY ROVE FUD

The above is the login access for the first, skey-based login coming
up next, identified by a series id (hack123456) and running number
(100, 99, 98, ...) .  You will very likely be interested in a
slightly longer list of the upcoming skey phrases.  Get this by
entering:

	skey -n 10  100 hack123456

and your secret when prompted.  You can recreate the list any time.
Later on you would be interested in the list going from, say, 90 - 80.

(3.) After your skeyinit, login prompts in telnet, rlogin, slogin, and
     your console (whatever is making use of the skey PAM module) will look
     like this:

	Password [ otp-md4 100 hack123456 ]: ____

     At this point you can use either your standard password or
     use & burn the next SKEY phrase from your list.  For the
     "100 hack123456" identifier, you could enter "dirt thud able iffy
     rove fud" (case doesn't matter), and after having used this, you
     would be prompted with "Password [ otp-md4 99 hack123456 ]:"
     and could use the "99" phrase.

The beautiful thing is that you can switch between your standard login
password and an skey phrase any time.  You don't have to commit to
skeys completely by using them once.  Give it a try!

							HTH, Martin
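
Why the counter in the prompt runs downward and why a used phrase is worthless afterwards, as an added example that is not part of the post above or of NetBSD's code: a sketch of the RFC 2289 hash chain behind these prompts. It uses MD5 instead of the post's otp-md4 (MD4 is often missing from Python's hashlib) and skips the six-word encoding; `SkeyEntry`, `enroll` and the secret are constructed for illustration.

```python
import hashlib
import hmac

def fold_md5(data: bytes) -> bytes:
    """One S/Key step: MD5, then XOR the two 8-byte halves into 64 bits."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp(secret: str, seed: str, seq: int) -> bytes:
    """Client side (what `skey` computes): hash seed+secret, then seq more steps."""
    value = fold_md5((seed.lower() + secret).encode())
    for _ in range(seq):
        value = fold_md5(value)
    return value

class SkeyEntry:
    """Hypothetical server-side record for one user; it never holds the secret."""
    def __init__(self, seed: str, seq: int, stored: bytes):
        self.seed, self.seq, self.stored = seed, seq, stored

    def challenge(self) -> str:
        return f"otp-md5 {self.seq} {self.seed}"

    def verify(self, response: bytes) -> bool:
        # One more hash step over a valid response must equal the stored value.
        if self.seq < 0 or not hmac.compare_digest(fold_md5(response), self.stored):
            return False
        # Burn the phrase: it becomes the new reference and the counter drops.
        self.stored, self.seq = response, self.seq - 1
        return True

def enroll(secret: str, seed: str, start: int) -> SkeyEntry:
    """Stand-in for skeyinit: store the value one step past the first challenge."""
    return SkeyEntry(seed, start, otp(secret, seed, start + 1))

if __name__ == "__main__":
    secret = "constructed example secret"          # constructed sample value
    entry = enroll(secret, "hack123456", 100)      # seed and counter as in the post
    print(entry.challenge())
    phrase = otp(secret, "hack123456", 100)
    print("first use :", entry.verify(phrase))     # accepted
    print("replay    :", entry.verify(phrase))     # rejected, phrase already burnt
    print(entry.challenge())                       # counter is now 99
```

A phrase captured on a cleartext telnet session only yields the higher-numbered values that are already spent; the next valid phrase sits one step earlier in the chain, which the one-way hash does not give back.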

