summaryrefslogtreecommitdiff
path: root/crypto/kerberosIV/doc/otp.texi
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/kerberosIV/doc/otp.texi')
-rw-r--r--crypto/kerberosIV/doc/otp.texi127
1 files changed, 0 insertions, 127 deletions
diff --git a/crypto/kerberosIV/doc/otp.texi b/crypto/kerberosIV/doc/otp.texi
deleted file mode 100644
index 0a5929fa8629..000000000000
--- a/crypto/kerberosIV/doc/otp.texi
+++ /dev/null
@@ -1,127 +0,0 @@
-@node One-Time Passwords, Resolving frequent problems, How to set up a realm, Top
-@chapter One-Time Passwords
-
-@cindex OTP
-@cindex One time passwords
-There is also support for using @dfn{one time passwords} (OTP) in this
-package. Specifically @code{login}, @code{ftpd}, and @code{popper} have
-support for using them.
-
-@menu
-* What are one time passwords?::
-* When to use one time passwords?::
-* Configuring OTPs::
-@end menu
-
-@node What are one time passwords?, When to use one time passwords?, One-Time Passwords, One-Time Passwords
-@comment node-name, next, previous, up
-@section What are one time passwords?
-
-One time passwords are, as the name implies, passwords that can only
-be used once. This means that even if someone is eavesdropping on the
-network, they will not be able to make use of the passwords they steal.
-
-The OTPs used in this package support @cite{RFC 1938}. This standard is
-also backwards compatible with the well-known S/Key. There are lots of
-programs for generating these on everything from HP 48's to Crays.
-@cindex S/Key
-
-@node When to use one time passwords?, Configuring OTPs, What are one time passwords?, One-Time Passwords
-@comment node-name, next, previous, up
-@section When to use one time passwords?
-
-Why would you want to use OTPs instead of Kerberos? The advantage of
-OTPs is that they don't require a computer to operate. You can print
-out a list of passwords and take with you, or you could use your
-calculator or hand-held computer to generate them.
-
-The downside is that they only protect you against passive attacks.
-Only the initial connection is authenticated. After that, anyone can
-eavesdrop on your session, so you should not send or view any sensitive
-data (e.g. passwords) over a OTP-initiated link. You are also
-vulnerable to active attacks where intruders try to take over your
-TCP-session and/or introduce data in the middle of it. In other words,
-they provide initial authentication, but neither integrity nor
-confidentiality.
-
-The OTPs are generated from the tuple (@var{seed}, @var{sequence
-number}, @var{pass-phrase}). The seed and the sequence number will be
-printed as part of the @dfn{challenge} and you will have to generate the
-corresponding password or pick it from a list.
-
-In conclusion, they are simple and can be used everywhere but don't
-protect against all threats that Kerberos does. Use them when you can't
-use Kerberos.
-
-@node Configuring OTPs, , When to use one time passwords?, One-Time Passwords
-@comment node-name, next, previous, up
-@section Configuring OTPs
-
-@heading Initializing
-
-To initialize your OTPs use the @code{otp} program. This program will
-write an entry in a local file on this host with your current password
-(in this case the 100th) and the corresponding seed (@samp{foobar}).
-@pindex otp
-
-@example
-@cartouche
-datan:>otp 100 foobar
-Pass-phrase: <pass-phrase>
-Verifying password Pass-phrase: <pass-phrase>
-@end cartouche
-@end example
-
-@heading Generating
-
-To print out a list of them there is a program called
-@code{otpprint}.
-@pindex otpprint
-
-@example
-@cartouche
-datan:>otpprint 100 foobar
-Pass-phrase: <pass-phrase>
-91: SLAM BUY SUP DUSK SKY BEST
-92: DEEM SIGH ROB RASH JUG MAT
-93: DUET FISK HERS AREA TOLL SUP
-94: WOW RAIN LEAK SARA MARK WING
-95: COG YELL MILK CART ABE BAWL
-96: GROW SILK GIST OMEN CAM ANNE
-97: JAG QUAD NUT BEAT BHOY MAGI
-98: ADAM USED GENE NIP EYE SIS
-99: MY SUNG HERO AT DASH RAKE
-100: CORN KNIT BOTH TOGO SOUL BOG
-@end cartouche
-@end example
-
-@heading Using the OTPs
-
-When you try to use one and have initialized a series of
-one-time passwords for yourself you will get a challenge with the
-algorithm being used, the sequence number, and the seed. Enter those in
-your generator or find the corresponding password in your list.
-
-@example
-@cartouche
-login: assar
-assar's [ otp-md5 99 foobar ] Password: <MY SUNG HERO AT DASH RAKE>
-@end cartouche
-@end example
-
-The sequence number of the password will start at one less that the
-number you gave to @code{otp} and decrease by one every time you use it.
-You should try to keep track of which should be the current one so that
-you can be assured that nobody has stolen some of your passwords and
-used them. When the number has reached zero you need to acquire a new
-series of passwords.
-
-Once you have initialized your series of passwords, you can always use
-them at any password prompt where you get the challenge as shown above.
-
-@heading Configuring servers
-
-@code{ftpd}, @code{telnetd}, and @code{popper} can be configured to
-require one-time passwords when the connection has not been kerberos
-authenticated. Check the man pages for these programs for the correct
-options.
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-27 11:56:04 +0000