S/Key

S/Key is the one-time password system developed by Bellcore. S/Key users must be valid UNIX/NIS users on the i-Planet server. The initial S/Key authentication screen prompts for the user's Unique UserID (UUID) and Personal Identification Number (PIN). If these are validated, then the user is prompted for the next expected one-time password. (This password is actually a six-word passphrase).

Before an end user attempts remote access for the first time, a list of S/Key one-time passwords must be generated for that end user.

For the System Administrator to Generate Passwords for Remote Users

You can generate passwords for end users with the following procedure.

To Generate Passwords for a Remote User

1. Start the web browser that you want to use.

2. Start the Administration Console

3. Click the Generate S/KEY Passwords link in the Misc section in the navigation frame of the Administration Console.

4. Follow the instructions in the administration frame of the Administration Console.

   When you generate the passwords on behalf of end users, give them the UUID and list of passwords and, separately, give them the PIN that you used. For security, the end users should keep this PIN separate from the UUID and the list of passwords.

For Users to Generate Their Own Passwords

End users can generate their own set of passwords over the intranet before they become remote so that they can use S/Key authentication. They can only use the following procedure over the intranet.

For Users to Generate Passwords

End users use this procedure to generate their own S/Key passwords over the intranet before they become remote.

1. They start the web browser that they want to use.

2. They type the following as the URL in the browser:

   http://i-Planet_server:default-port/cgi-bin/skey/skeylogin.cgi

   8080 is the default port for the i-Planet server.

Once they have remotely logged into the i-Planet system, end users can generate more one-time passwords by clicking the Generate S/KEY Passwords link on the i-Planet Desktop.

When end users generate more S/Key passwords, the new list of passwords supersedes the previously generated list and UUID for the end users will change.

Removing the i-Planet software will delete all S/Key password information for the end users.

If an end user uses the last password and logs out before generating a new list of passwords, then a new list for that user can only be generated using one of the other two methods.