Nokia IPSO 4.0 User Manual

1. Click Users under Configuration > Security and Access Configuration in the tree view.

2. Enable the Admin S/Key or Monitor S/Key by selecting either the Allowed or Required 

radio buttons.

„

Disabled—S/Key passwords are turned off and cannot be used. 

„

Allowed—the user can use either a standard text password or an S/Key one-time 
password.

„

Required—only S/Key one-time passwords are allowed for connecting through Telnet or 
FTP.

3. Click Apply.

The Current Standard password, S/Key Secret Password, and S/Key Secret Password 
(verify) text boxes appear.

4. Enter the current standard password in the Current Standard password text box.

5. Choose a secret password for S/Key that is between four and eight alphanumeric characters 

long, and enter it in the S/Key Secret Password text box.

6. Enter the S/Key secret password again in the S/Key Secret Password (verify) text box.

7. Click Apply.

The sequence number and the seed appear. The sequence number begins at 99 and goes 
backward after every subsequent S/Key password is generated. The seed is associated with 
the S/Key secret password.

8. Click Save to make your changes permanent.

You must have an S/Key calculator on your platform to generate the S/Key one-time password 
(OTP). Many UNIX-derived and UNIX-like systems include the S/Key calculator command 
key. Many GUI calculators include support for MD4 (S/Key) algorithms and MD5 (OPIE) 
algorithms. Be sure to configure such calculators to use MD4 algorithms.

Note
The OTP is typically a string, or strings, that contain a series of words, for example, NASH 
TINE LISA HEY WORE DISC. You must enter all the words in the valid string at the 
password prompt.

1. Log in to the firewall with a Telnet or FTP client. 

2. At the prompt, enter either admin or monitor as a user name.

3. The server returns an S/Key challenge, which is comprised of the S/key sequence number 

and seed, for example, 95 ma74213.