snkinit man page on BSDi


TOKENINIT(8)		  BSD System Manager's Manual		  TOKENINIT(8)

NAME
     activinit, cryptoinit, snkinit - Modify or add user in ActivCard,
     CRYPTOCard, or SNK-004

SYNOPSIS
     tokeninit [-f] [-h] [-m mode] [-s] [-v] user_ID [user_ID ...]

DESCRIPTION
     The tokeninit utility may also be invoked by one of the names: activinit,
     cryptoinit, or snkinit.  Depending on the name it was invoked under, it
     will initialize the system information to allow one to use the ActivCard,
     CRYPTOCard or SNK-004 digital encryption token to log in.  The tokeninit
     utility is intended for use by the system administrator.

     The token card system provides strong user authentication by combining a
     user's unique knowledge (a Personal Identification Number) and a physical
     object (the token) which the user must have in their possession to log
     in.  The system administrator programs the token with a secret encryption
     key which is also stored in the database.  The user programs the token
     with a PIN.  To discourage exhaustive attempts to guess the PIN,
     configuration options permit the token to be programmed to erase
     knowledge of the shared secret should the user enter an excessive number
     of incorrect PIN entries.

     The user activates the token by entering their PIN into the token.  After
     activating the token, the user enters a random number challenge presented
     by the host computer into the token.  The challenge is encrypted by the
     token and a response displayed.  The user then enters the response at the
     host computer's prompt, where it is compared with the anticipated
     response.

     Token cards typically support multiple unique encryption keys.  This
     facility allows a single token to be used for multiple computer systems,
     or multiple user instances on the same system.

OPTIONS
     -f	     Force reinitialization of an existing account.  The current
	     shared secret stored in the database will be replaced by a new
	     shared secret.  The new shared secret must be entered into the
	     token, replacing the current one.

     -h	     Read the shared secret as a 16 digit hexadecimal integer rather
	     than a sequence of 8 octets.  This is not supported when invoked
	     as snkinit.

     -m	     Specify the input modes allowed for this user.  Possible modes
	     are decimal (dec), hexadecimal (hex), phonebook (phone) and
	     reduced-input (rim).  Not all modes are available for all types
	     of cards.  Multiple -m options may be specified to enable
	     multiple modes.  By default only the hexadecimal mode is enabled,
	     except for the SNK-004 token, which by default only enables the
	     decimal mode.  If an attempt is made to initialize a card with
	     only reduced-input, the default mode for the card is silently
	     included.

     -s	     By default, tokeninit prompts for a shared secret to enter into
	     the authentication database.  The -s option generates a 64-bit
	     cryptographically strong key for use in the token.  This shared
	     secret will be saved in the database for the user ID specified on
	     the command line.  After entering the shared secret into the
	     token, verify that the checksum computed by the token matches
	     the one displayed by tokeninit.

     -v	     Enable verbose mode.  tokeninit will emit messages on the status
	     of each user ID processed.

REDUCED-INPUT MODE
     Reduced-input mode allows the token to predict the next challenge, given
     the current challenge.  This may be used to eliminate the need to enter
     the challenge to the token or may also be used with a paper list.  Using
     a program such as x99token(1) many challenges could be precomputed and
     printed.  This list should be kept secret.  This list can then take the
     place of an actual token until the system has issued all the challenges
     printed.  Challenges are predicted by the following algorithm:

     * Encrypt the last challenge with the shared secret key

     * AND each byte of the response with 0x0f

     * Modulo each byte by 10 (0x0a)

     * ADD 0x30 (ASCII value of '0') to each byte

     The resulting 8 bytes are all ASCII decimal digits and are the next
     challenge.
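
     The challenge chain described above, as an added example that is not
     part of the original man page or of tokeninit.  The page does not name
     the cipher, so standin_encrypt (HMAC-SHA-256 truncated to 8 bytes) is an
     assumption used only to keep the block self-contained; all function
     names and the sample key are constructed.

```python
import hashlib
import hmac
from collections import Counter


def standin_encrypt(key: bytes, block: bytes) -> bytes:
    """Assumed stand-in for the token's 8-byte encryption; NOT the real cipher."""
    return hmac.new(key, block, hashlib.sha256).digest()[:8]


def fold_to_digits(response: bytes) -> bytes:
    """Steps 2-4 of the algorithm: AND 0x0f, modulo 10, add 0x30 ('0')."""
    return bytes(((b & 0x0F) % 10) + 0x30 for b in response)


def next_challenge(key: bytes, challenge: bytes, encrypt=standin_encrypt) -> bytes:
    """Predict the challenge that follows `challenge` for this shared secret."""
    if len(key) != 8 or len(challenge) != 8:
        raise ValueError("shared secret and challenge must both be 8 octets")
    if not challenge.isdigit():
        raise ValueError("challenge must be 8 ASCII decimal digits")
    return fold_to_digits(encrypt(key, challenge))


def challenge_list(key: bytes, start: bytes, count: int, encrypt=standin_encrypt):
    """Precompute `count` successive challenges, as for a printed paper list."""
    out, current = [], start
    for _ in range(count):
        current = next_challenge(key, current, encrypt)
        out.append(current.decode("ascii"))
    return out


def digit_weights() -> Counter:
    """Count how many of the 16 low-nibble values fold onto each digit."""
    return Counter(n % 10 for n in range(16))


if __name__ == "__main__":
    key = bytes.fromhex("0123456789abcdef")      # constructed sample secret
    for line in challenge_list(key, b"00000000", 5):
        print(line)
    # The fold is not uniform: digits 0-5 each have two source nibbles,
    # digits 6-9 only one, so challenge digits skew low.
    print(sorted(digit_weights().items()))
```

     Because every entry is derived from the previous one and the shared
     secret alone, a disclosed list or secret exposes all later challenges
     until the account is reinitialized with -f.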

DIAGNOSTICS
     Diagnostic messages are logged via syslog(3) with the LOG_AUTH facility.

FILES
     /etc/activ.db   data base of information for ActivCard system

     /etc/crypto.db  data base of information for CRYPTOCard system

     /etc/snk.db     data base of information for SNK-004 system

COMMENTS
     A supplier for ActivCard tokens may be obtained by contacting:

	   ActivCard, Inc.
	   303 Twin Dolphin Dr., Ste 420
	   Redwood City, CA 94065
	   Tel: (415) 654-1700
	   Fax: (415) 654-1701

     CRYPTOCard tokens may be obtained by contacting:

	   CRYPTOCard Incorporated
	   Attn: Wade Clark
	   1649 Barclay Blvd.
	   Buffalo Grove, Illinois 60089
	   Tel: (800) 307-7042 / (708) 459-6500
	   Fax: (708) 459-6599
	   <token@cryptocard.com>

     SNK-004 tokens may be obtained by contacting:

	   Digital Pathways, Inc.
	   Attn: Paul Kamian
	   201 Ravendale Drive
	   Mountain View, CA  94043-5216
	   Tel: (415) 964-0707
	   Fax: (415) 961-7487
	   <paul@digpath.com>

BUGS
     Not all modes of all cards are supported.

SEE ALSO
     x99token(1),  syslog(3),  tokenadm(8),  tokenls(8),  login_token(8)

AUTHOR
     Jack Flory <jpf@mig.com>

 BSD/OS			      September 26, 1995			     3

Copyright (c) for man pages and the logo by the respective OS vendor.