|
Lines 53-59
Link Here
|
| 53 |
</listitem> |
53 |
</listitem> |
| 54 |
|
54 |
|
| 55 |
<listitem> |
55 |
<listitem> |
| 56 |
<para>How to setup Kereberos, another alternative |
56 |
<para>How to setup Kerberos, another alternative |
| 57 |
authentication system.</para> |
57 |
authentication system.</para> |
| 58 |
</listitem> |
58 |
</listitem> |
| 59 |
|
59 |
|
|
Lines 319-325
Link Here
|
| 319 |
<groupname>wheel</groupname> group (in |
319 |
<groupname>wheel</groupname> group (in |
| 320 |
<filename>/etc/group</filename>). The staff members placed in the |
320 |
<filename>/etc/group</filename>). The staff members placed in the |
| 321 |
<groupname>wheel</groupname> group are allowed to |
321 |
<groupname>wheel</groupname> group are allowed to |
| 322 |
<groupname>su</groupname> to <username>root</username>. You should never give staff |
322 |
<command>su</command> to <username>root</username>. You should never give staff |
| 323 |
members native wheel access by putting them in the |
323 |
members native wheel access by putting them in the |
| 324 |
<groupname>wheel</groupname> group in their password entry. Staff |
324 |
<groupname>wheel</groupname> group in their password entry. Staff |
| 325 |
accounts should be placed in a <groupname>staff</groupname> group, and |
325 |
accounts should be placed in a <groupname>staff</groupname> group, and |
|
Lines 1168-1174
Link Here
|
| 1168 |
<sect2> |
1168 |
<sect2> |
| 1169 |
<title>Insecure Connection Initialization</title> |
1169 |
<title>Insecure Connection Initialization</title> |
| 1170 |
|
1170 |
|
| 1171 |
<para>To initialize change your secret password over an |
1171 |
<para>To initialize or change your secret password over an |
| 1172 |
insecure connection, you will need to already have a secure |
1172 |
insecure connection, you will need to already have a secure |
| 1173 |
connection to some place where you can run <command>key</command> |
1173 |
connection to some place where you can run <command>key</command> |
| 1174 |
or <command>opiekey</command>; this might be in the form of a |
1174 |
or <command>opiekey</command>; this might be in the form of a |
|
Lines 1209-1215
Link Here
|
| 1209 |
|
1209 |
|
| 1210 |
<para>To accept the default seed (which the |
1210 |
<para>To accept the default seed (which the |
| 1211 |
<command>keyinit</command> program confusingly calls a |
1211 |
<command>keyinit</command> program confusingly calls a |
| 1212 |
<literal>key</literal>), press return. Then before entering an |
1212 |
<literal>key</literal>), press <keycap>Return</keycap>. |
|
|
1213 |
Then before entering an |
| 1213 |
access password, move over to your secure connection or S/Key desk |
1214 |
access password, move over to your secure connection or S/Key desk |
| 1214 |
accessory, and give it the same parameters:</para> |
1215 |
accessory, and give it the same parameters:</para> |
| 1215 |
|
1216 |
|
|
Lines 1262-1268
Link Here
|
| 1262 |
Password: </screen> |
1263 |
Password: </screen> |
| 1263 |
|
1264 |
|
| 1264 |
<para>As a side note, the S/Key and OPIE prompts have a useful feature |
1265 |
<para>As a side note, the S/Key and OPIE prompts have a useful feature |
| 1265 |
(not shown here): if you press return at the password prompt, the |
1266 |
(not shown here): if you press <keycap>Return</keycap> |
|
|
1267 |
at the password prompt, the |
| 1266 |
prompter will turn echo on, so you can see what you are |
1268 |
prompter will turn echo on, so you can see what you are |
| 1267 |
typing. This can be extremely useful if you are attempting to |
1269 |
typing. This can be extremely useful if you are attempting to |
| 1268 |
type in a password by hand, such as from a printout.</para> |
1270 |
type in a password by hand, such as from a printout.</para> |