LOCK(1) BSD General Commands Manual LOCK(1)NAME
lock -- reserve a terminal
SYNOPSIS
lock [-np] [-t timeout]
DESCRIPTION
lock requests a password from the user, reads it again for verification and then will normally not relinquish the terminal until the password
is repeated. There are two other conditions under which it will terminate: it will timeout after some interval of time and it may be killed
by someone with the appropriate permission.
Options:
-n No timeout is used. The terminal will be locked indefinitely or until current challenge is met.
-p A password is not requested, instead the user's current login password is used. If the user has an S/Key key, they may also use
it to unlock the terminal. To do this the user should enter "s/key" at the unlock "Key:" prompt. The user will then be issued
an S/Key challenge to which they may respond with a six-word S/Key one-time password.
-t timeout The time limit (default 15 minutes) is changed to timeout minutes.
SEE ALSO skey(1)HISTORY
The lock command appeared in 3.0BSD.
BSD June 6, 1993 BSD
Check Out this Related Man Page
SKEY(1) BSD General Commands Manual SKEY(1)NAME
skey -- respond to an OTP challenge
SYNOPSIS
skey [-n count] [-p password] [-t hash] [-x] sequence# [/] key
DESCRIPTION
S/Key is a One Time Password (OTP) authentication system. It is intended to be used when the communication channel between a user and host
is not secure (e.g. not encrypted or hardwired). Since each password is used only once, even if it is "seen" by a hostile third party, it
cannot be used again to gain access to the host.
S/Key uses 64 bits of information, transformed by the MD4 algorithm into 6 English words. The user supplies the words to authenticate him-
self to programs like login(1) or ftpd(8).
Example use of the S/Key program skey:
% skey 99 th91334
Enter password: <your secret password is entered here>
OMEN US HORN OMIT BACK AHOY
%
The string that is given back by skey can then be used to log into a system.
The programs that are part of the S/Key system are:
skeyinit(1) used to set up your S/Key.
skey used to get the one time password(s).
skeyinfo(1) used to initialize the S/Key database for the specified user. It also tells the user what the next challenge will be.
skeyaudit(1) used to inform users that they will soon have to rerun skeyinit(1).
When you run skeyinit(1) you inform the system of your secret password. Running skey then generates the one-time password(s), after requir-
ing your secret password. If however, you misspell your secret password that you have given to skeyinit(1) while running skey you will get a
list of passwords that will not work, and no indication about the problem.
Password sequence numbers count backward from 99. You can enter the passwords using small letters, even though skey prints them capitalized.
The -n count argument asks for count password sequences to be printed out ending with the requested sequence number.
The hash algorithm is selected using the -t hash option, possible choices here are md4, md5 or sha1.
The -p password allows the user to specify the S/Key password on the command line.
To output the S/Key list in hexadecimal instead of words, use the -x option.
EXAMPLES
Initialize generation of one time passwords:
host% skeyinit
Password: <normal login password>
[Adding username]
Enter secret password: <new secret password>
Again secret password: <new secret password again>
ID username s/key is 99 host12345
Next login password: SOME SIX WORDS THAT WERE COMPUTED
Produce a list of one time passwords to take with to a conference:
host% skey -n 3 99 host12345
Enter secret password: <secret password as used with skeyinit>
97: NOSE FOOT RUSH FEAR GREY JUST
98: YAWN LEO DEED BIND WACK BRAE
99: SOME SIX WORDS THAT WERE COMPUTED
Logging in to a host where skey is installed:
host% telnet host
login: <username>
Password [s/key 97 host12345]:
Note that the user can use either his/her S/Key password at the prompt but also the normal one unless the -s flag is given to login(1).
SEE ALSO login(1), skeyaudit(1), skeyinfo(1), skeyinit(1), ftpd(8)
RFC 2289
TRADEMARKS AND PATENTS
S/Key is a trademark of Bellcore.
AUTHORS
Phil Karn
Neil M. Haller
John S. Walden
Scott Chasin
BSD July 25, 2001 BSD