auth(8): document authsrv -N flag

author: cinap_lenrek <cinap_lenrek@felloff.net> 2017-01-26 11:23:46 +0100
committer: cinap_lenrek <cinap_lenrek@felloff.net> 2017-01-26 11:23:46 +0100
commit: 2aa42aee31bbf643d5c630b315ff817d752b088e (patch)
tree: ead0d92df47007fb5ffd654f1171b76b73a4a843 /sys/man/8
parent: acd4a952bd1ffca5447c93bf7a6e929472d2bde5 (diff)
1 files changed, 9 insertions, 2 deletions
diff --git a/sys/man/8/auth b/sys/man/8/auth
index 6c41e4faf..d5461eb94 100644
--- a/sys/man/8/auth
+++ b/sys/man/8/auth
@@ -23,6 +23,7 @@ changeuser, convkeys, printnetkey, status, enable, disable, authsrv, guard.srv,
 .I user
 .PP
 .B auth/authsrv
+.RB [ -N ]
 .PP
 .B auth/guard.srv
 .PP
@@ -180,14 +181,20 @@ Netkey keys for individual users.
 .I Authsrv
 is the program, run only on the authentication server, that handles ticket requests
 on TCP port 567.
-It is started
-by an incoming call to the server
+It is started by an incoming call to the server
 requesting a conversation ticket; its standard input and output
 are the network connection.
 .I Authsrv
 executes the authentication server's end of the appropriate protocol as
 described in
 .IR authsrv (6).
+The
+.B -N
+flag disables legacy bruteforceable DES-encrypted tickes as used by the
+.B p9sk1
+protocol, forcing the use of new
+.B dp9ik
+password authenticated key exchange.
 .PP
 .I Guard.srv
 is similar.  It is called whenever a foreign (e.g. Unix) system wants
author	cinap_lenrek <cinap_lenrek@felloff.net>	2017-01-26 11:23:46 +0100
committer	cinap_lenrek <cinap_lenrek@felloff.net>	2017-01-26 11:23:46 +0100
commit	2aa42aee31bbf643d5c630b315ff817d752b088e (patch)
tree	ead0d92df47007fb5ffd654f1171b76b73a4a843 /sys/man/8
parent	acd4a952bd1ffca5447c93bf7a6e929472d2bde5 (diff)