ref: 2aa42aee31bbf643d5c630b315ff817d752b088e
parent: acd4a952bd1ffca5447c93bf7a6e929472d2bde5
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Thu Jan 26 06:23:46 EST 2017
auth(8): document authsrv -N flag
--- a/sys/man/8/auth
+++ b/sys/man/8/auth
@@ -23,6 +23,7 @@
.I user
.PP
.B auth/authsrv
+.RB [ -N ]
.PP
.B auth/guard.srv
.PP
@@ -180,8 +181,7 @@
.I Authsrv
is the program, run only on the authentication server, that handles ticket requests
on TCP port 567.
-It is started
-by an incoming call to the server
+It is started by an incoming call to the server
requesting a conversation ticket; its standard input and output
are the network connection.
.I Authsrv
@@ -188,6 +188,13 @@
executes the authentication server's end of the appropriate protocol as
described in
.IR authsrv (6).
+The
+.B -N
+flag disables legacy bruteforceable DES-encrypted tickes as used by the
+.B p9sk1
+protocol, forcing the use of new
+.B dp9ik
+password authenticated key exchange.
.PP
.I Guard.srv
is similar. It is called whenever a foreign (e.g. Unix) system wants