| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 |
- .\" manual page [] for srp-entry
- .\" $Id: srp-entry.8,v 1.2 2004/11/13 12:22:49 paulus Exp $
- .\" SH section heading
- .\" SS subsection heading
- .\" LP paragraph
- .\" IP indented paragraph
- .\" TP hanging label
- .TH SRP-ENTRY 8
- .SH NAME
- srp\-entry \- Generate a SRP\-SHA1 Server Entry
- .SH SYNOPSIS
- .B srp\-entry
- [
- .I \-i index
- ] [
- .I clientname
- ]
- .SH DESCRIPTION
- .LP
- This utility generates an entry suitable for use in the
- /etc/ppp/srp\-secrets file on a PPP EAP SRP\-SHA1 authenticator
- ("server"). This file has the same basic layout as the other pppd(8)
- authentication files, /etc/ppp/pap\-secrets and /etc/ppp/chap\-secrets.
- Thus, the entry generated has at least four main fields separated by
- spaces. The first field is the authenticatee ("client") name. The
- second is the server name. The third is the secret. The fourth is
- the allowed (or assigned) IP address for the client, and defaults to
- "*". Additional fields can contain additional IP addresses or pppd
- options; see pppd(8) for details.
- .LP
- The third field has three subfields, separated by colons. The first
- subfield is the index of the modulus and generator from SRP's
- /etc/tpasswd.conf. The special value 0 is used to represent the
- well-known modulus and generator specified in the EAP SRP\-SHA1 draft.
- The second subfield is the password validator. The third is the
- password salt. These latter two values are encoded in base64 notation.
- .SH OPTIONS
- .TP
- .I \-i <index>
- Specifies the modulus/generator index in /etc/tpasswd.conf. In order
- to use this option, you will need to run the "tconf" utility from the
- SRP package to generate local entries for this file. Note that if
- these values are not known to the client, the client will be forced to
- run time-consuming safety tests on the values used. For this reason,
- using the well-known values is recommended.
- .TP
- .I <clientname>
- Specifies the client name. The password validator is a hashed
- combination of the client's name and password, and both are required.
- If the client name is not supplied on the command line, srp\-entry will
- prompt for the client name first.
- .SH FILES
- .TP
- .B /etc/ppp/srp\-secrets
- Usernames, passwords and IP addresses for SRP authentication. This
- file should be owned by root and not readable or writable by any other
- user. Pppd will log a warning if this is not the case. Note that
- srp\-entry does not write to this file. The user is responsible for
- copying the output of srp\-entry into this file.
- .TP
- .B /etc/tpasswd.conf
- Indexed copies of tested modulus/generator combinations; part of the
- SRP package.
- .SH SEE ALSO
- .TP
- pppd(8)
- .TP
- .B RFC2284
- Blunk, L., Vollbrecht, J.,
- .I PPP Extensible Authentication Protocol (EAP).
- March 1998.
- .TP
- .B draft\-ietf\-pppext\-eap\-srp\-03.txt
- Carlson, J., et al.,
- .I EAP SRP\-SHA1 Authentication Protocol.
- July 2001.
- .TP
- .B RFC2945
- Wu, T.,
- .I The SRP Authentication and Key Exchange System
- September 2000.
- .SH AUTHOR
- James Carlson (james.d.carlson@sun.com)
|
