git: plan9front

--- a/sys/man/1/passwd

+++ b/sys/man/1/passwd

@@ -4,6 +4,9 @@

 .SH SYNOPSIS

 .B passwd

+.IR -1

+]

+[

 .IR username [@ domain ]

.PP

@@ -27,6 +30,16 @@

 New passwords and secrets must be typed twice, to forestall mistakes.

 New passwords must be sufficiently hard to guess.

 They may be of any length greater than seven characters.

+.PP

+By default, passwd requires the auth server to support

+.IR dp9ik (6).

+The

+.I -1

+flag forces

+.B passwd

+to authenticate using

+.IR p9sk1 (6).

.PP

 .I Netkey

 prompts for a password to encrypt network challenges.

--- a/sys/src/cmd/auth/passwd.c

+++ b/sys/src/cmd/auth/passwd.c

@@ -7,7 +7,7 @@

 void

 main(int argc, char **argv)

-	int fd, n, try;

+	int fd, n, dp9ik;

 	Ticketreq tr;

 	Ticket t;

 	Passwordreq pr;

@@ -15,7 +15,14 @@

 	char buf[512];

 	char *s, *user;

+	dp9ik = 1;

 	ARGBEGIN{

+	case '1':

+		dp9ik = 0;

+		break;

+	default:

+		fprint(2, "%s [-1]\n", argv0);

+		exits("usage");

 	}ARGEND

 	argv0 = "passwd";

@@ -48,31 +55,17 @@

 	memset(&pr, 0, sizeof(pr));

 	getpass(&key, pr.old, 0, 0);

-	/*

-	 *  negotiate PAK key. we need to retry in case the AS does

-	 *  not support the AuthPAK request or when the user has

-	 *  not yet setup a new key and the AS made one up.

-	 */

-	try = 0;

-	authpak_hash(&key, tr.uid);

-	if(_asgetpakkey(fd, &tr, &key) < 0){

-Retry:

-		try++;

-		close(fd);

-		fd = authdial(nil, s);

-		if(fd < 0)

-			error("authdial: %r");

+	if(dp9ik){

+		authpak_hash(&key, tr.uid);

+		if(_asgetpakkey(fd, &tr, &key) < 0)

+			error("%r");

-	/* send ticket request to AS */

 	if(_asrequest(fd, &tr) < 0)

 		error("%r");

 	if(_asgetresp(fd, &t, nil, &key) < 0)

 		error("%r");

-	if(t.num != AuthTp || strcmp(t.cuid, tr.uid) != 0){

-		if(try == 0)

-			goto Retry;

+	if(t.num != AuthTp || strcmp(t.cuid, tr.uid) != 0)

 		error("bad password");

-	}

 	/* loop trying new passwords */

 	for(;;){

code: plan9front