passwd: make legacy mode explicit

Passwd used to produce a very confusing error about DES not being enabled whenever the password was mistyped. This happened because we attempted to guess what authentication method to use, and preseneted the error from the wrong one on failure. This puts the legacy mode behind a flag, so that we don't even try the old method unless it's explicitly requested.
author: Ori Bernstein <ori@eigenstate.org> 2021-01-17 18:01:53 -0800
committer: Ori Bernstein <ori@eigenstate.org> 2021-01-17 18:01:53 -0800
commit: 8c9cbbb142cfbe595ead3d0003638e079053e683 (patch)
tree: 9d32d5f96cf4a659fc51b7c90b76f773f0254b6d /sys/man
parent: 081f98de6c71865a1a5e07a3cdf09d7d23848c2e (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/sys/man/1/passwd b/sys/man/1/passwd
index 70d60532f..28343c054 100644
--- a/sys/man/1/passwd
+++ b/sys/man/1/passwd
@@ -4,6 +4,9 @@ passwd, netkey \- change or verify user password
 .SH SYNOPSIS
 .B passwd
 [
+.IR -1
+]
+[
 .IR username [@ domain ]
 ]
 .PP
@@ -28,6 +31,16 @@ New passwords and secrets must be typed twice, to forestall mistakes.
 New passwords must be sufficiently hard to guess.
 They may be of any length greater than seven characters.
 .PP
+By default, passwd requires the auth server to support
+.IR dp9ik (6).
+The
+.I -1
+flag forces
+.B passwd
+to authenticate using
+.IR p9sk1 (6).
+
+.PP
 .I Netkey
 prompts for a password to encrypt network challenges.
 It is a substitute for a SecureNet box. It may only be run on a terminal.
author	Ori Bernstein <ori@eigenstate.org>	2021-01-17 18:01:53 -0800
committer	Ori Bernstein <ori@eigenstate.org>	2021-01-17 18:01:53 -0800
commit	8c9cbbb142cfbe595ead3d0003638e079053e683 (patch)
tree	9d32d5f96cf4a659fc51b7c90b76f773f0254b6d /sys/man
parent	081f98de6c71865a1a5e07a3cdf09d7d23848c2e (diff)