diff --git a/sys/man/1/passwd b/sys/man/1/passwd
index 70d60532f..28343c054 100644
--- a/sys/man/1/passwd
+++ b/sys/man/1/passwd
@@ -4,6 +4,9 @@ passwd, netkey \- change or verify user password
 .SH SYNOPSIS
 .B passwd
 [
+.IR -1
+]
+[
 .IR username [@ domain ]
 ]
 .PP
@@ -27,6 +30,16 @@ secret.
 New passwords and secrets must be typed twice, to forestall mistakes.
 New passwords must be sufficiently hard to guess.
 They may be of any length greater than seven characters.
+.PP
+By default, passwd requires the auth server to support
+.IR dp9ik (6).
+The
+.I -1
+flag forces
+.B passwd
+to authenticate using
+.IR p9sk1 (6).
+
 .PP
 .I Netkey
 prompts for a password to encrypt network challenges.
diff --git a/sys/src/cmd/auth/passwd.c b/sys/src/cmd/auth/passwd.c
index db551d67c..eb14ddca8 100644
--- a/sys/src/cmd/auth/passwd.c
+++ b/sys/src/cmd/auth/passwd.c
@@ -7,7 +7,7 @@
 void
 main(int argc, char **argv)
 {
- int fd, n, try;
+ int fd, n, dp9ik;
 Ticketreq tr;
 Ticket t;
 Passwordreq pr;
@@ -15,7 +15,14 @@ main(int argc, char **argv)
 char buf[512];
 char *s, *user;
+ dp9ik = 1;
 ARGBEGIN{
+ case '1':
+ dp9ik = 0;
+ break;
+ default:
+ fprint(2, "%s [-1]\n", argv0);
+ exits("usage");
 }ARGEND
 argv0 = "passwd";
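Review bot: The usage line in the new `default:` case, `fprint(2, "%s [-1]\n", argv0);`, leaves out the optional operand that the man page synopsis in this same commit still lists, and it lacks the customary `usage:` prefix. I would write it as `fprint(2, "usage: %s [-1] [username[@domain]]\n", argv0);`. Because `-1` is the only way to select the older p9sk1 exchange, a short comment on the case such as `/* -1: skip the dp9ik PAK exchange and authenticate with p9sk1 */` would make the intent of `dp9ik = 0` obvious to the next reader. main's body starts and continues outside this hunk.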
@@ -48,31 +55,17 @@ main(int argc, char **argv)
 memset(&pr, 0, sizeof(pr));
 getpass(&key, pr.old, 0, 0);
- /*
- * negotiate PAK key. we need to retry in case the AS does
- * not support the AuthPAK request or when the user has
- * not yet setup a new key and the AS made one up.
- */
- try = 0;
- authpak_hash(&key, tr.uid);
- if(_asgetpakkey(fd, &tr, &key) < 0){
-Retry:
- try++;
- close(fd);
- fd = authdial(nil, s);
- if(fd < 0)
- error("authdial: %r");
+ if(dp9ik){
+ authpak_hash(&key, tr.uid);
+ if(_asgetpakkey(fd, &tr, &key) < 0)
+ error("%r");
 }
- /* send ticket request to AS */
 if(_asrequest(fd, &tr) < 0)
 error("%r");
 if(_asgetresp(fd, &t, nil, &key) < 0)
 error("%r");
- if(t.num != AuthTp || strcmp(t.cuid, tr.uid) != 0){
- if(try == 0)
- goto Retry;
+ if(t.num != AuthTp || strcmp(t.cuid, tr.uid) != 0)
 error("bad password");
- }
 /* loop trying new passwords */
 for(;;){
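Review bot: With the retry gone, the `error("bad password")` after `_asgetresp` is now also what a user sees in the second case the deleted comment described, where the user has not yet set up a new key and the AS made one up. A correct password is then reported as wrong and nothing points to `-1`. Dropping the silent fallback looks deliberate, since it keeps the exchange from dropping to p9sk1 unless the user asks for it, but that reasoning disappeared with the removed comment. I would put `/* no automatic fallback to p9sk1: the weaker exchange must be requested with -1 */` above `if(dp9ik){`. The `error("%r")` after `_asgetpakkey` presumably prints only the errstr when the AS lacks AuthPAK support, so the man page paragraph is the only place the user learns why. main's body starts and continues outside this hunk.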