You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
84 lines
2.9 KiB
84 lines
2.9 KiB
.\" manual page [] for srp-entry
|
|
.\" $Id: srp-entry.8,v 1.2 2004/11/13 12:22:49 paulus Exp $
|
|
.\" SH section heading
|
|
.\" SS subsection heading
|
|
.\" LP paragraph
|
|
.\" IP indented paragraph
|
|
.\" TP hanging label
|
|
.TH SRP-ENTRY 8
|
|
.SH NAME
|
|
srp\-entry \- Generate a SRP\-SHA1 Server Entry
|
|
.SH SYNOPSIS
|
|
.B srp\-entry
|
|
[
|
|
.I \-i index
|
|
] [
|
|
.I clientname
|
|
]
|
|
.SH DESCRIPTION
|
|
.LP
|
|
This utility generates an entry suitable for use in the
|
|
/etc/ppp/srp\-secrets file on a PPP EAP SRP\-SHA1 authenticator
|
|
("server"). This file has the same basic layout as the other pppd(8)
|
|
authentication files, /etc/ppp/pap\-secrets and /etc/ppp/chap\-secrets.
|
|
Thus, the entry generated has at least four main fields separated by
|
|
spaces. The first field is the authenticatee ("client") name. The
|
|
second is the server name. The third is the secret. The fourth is
|
|
the allowed (or assigned) IP address for the client, and defaults to
|
|
"*". Additional fields can contain additional IP addresses or pppd
|
|
options; see pppd(8) for details.
|
|
.LP
|
|
The third field has three subfields, separated by colons. The first
|
|
subfield is the index of the modulus and generator from SRP's
|
|
/etc/tpasswd.conf. The special value 0 is used to represent the
|
|
well-known modulus and generator specified in the EAP SRP\-SHA1 draft.
|
|
The second subfield is the password validator. The third is the
|
|
password salt. These latter two values are encoded in base64 notation.
|
|
.SH OPTIONS
|
|
.TP
|
|
.I \-i <index>
|
|
Specifies the modulus/generator index in /etc/tpasswd.conf. In order
|
|
to use this option, you will need to run the "tconf" utility from the
|
|
SRP package to generate local entries for this file. Note that if
|
|
these values are not known to the client, the client will be forced to
|
|
run time-consuming safety tests on the values used. For this reason,
|
|
using the well-known values is recommended.
|
|
.TP
|
|
.I <clientname>
|
|
Specifies the client name. The password validator is a hashed
|
|
combination of the client's name and password, and both are required.
|
|
If the client name is not supplied on the command line, srp\-entry will
|
|
prompt for the client name first.
|
|
.SH FILES
|
|
.TP
|
|
.B /etc/ppp/srp\-secrets
|
|
Usernames, passwords and IP addresses for SRP authentication. This
|
|
file should be owned by root and not readable or writable by any other
|
|
user. Pppd will log a warning if this is not the case. Note that
|
|
srp\-entry does not write to this file. The user is responsible for
|
|
copying the output of srp\-entry into this file.
|
|
.TP
|
|
.B /etc/tpasswd.conf
|
|
Indexed copies of tested modulus/generator combinations; part of the
|
|
SRP package.
|
|
.SH SEE ALSO
|
|
.TP
|
|
pppd(8)
|
|
.TP
|
|
.B RFC2284
|
|
Blunk, L., Vollbrecht, J.,
|
|
.I PPP Extensible Authentication Protocol (EAP).
|
|
March 1998.
|
|
.TP
|
|
.B draft\-ietf\-pppext\-eap\-srp\-03.txt
|
|
Carlson, J., et al.,
|
|
.I EAP SRP\-SHA1 Authentication Protocol.
|
|
July 2001.
|
|
.TP
|
|
.B RFC2945
|
|
Wu, T.,
|
|
.I The SRP Authentication and Key Exchange System
|
|
September 2000.
|
|
.SH AUTHOR
|
|
James Carlson (james.d.carlson@sun.com)
|