pppd/srp-entry.8 - manifest_repos/ppp - Git at Google

 .\" manual page [] for srp-entry
 .\" $Id: srp-entry.8,v 1.2 2004/11/13 12:22:49 paulus Exp $
 .\" SH section heading
 .\" SS subsection heading
 .\" LP paragraph
 .\" IP indented paragraph
 .\" TP hanging label
 .TH SRP-ENTRY 8
 .SH NAME
 srp\-entry \- Generate a SRP\-SHA1 Server Entry
 .SH SYNOPSIS
 .B srp\-entry
 [
 .I \-i index
 ] [
 .I clientname
 ]
 .SH DESCRIPTION
 .LP
 This utility generates an entry suitable for use in the
 /etc/ppp/srp\-secrets file on a PPP EAP SRP\-SHA1 authenticator
 ("server").  This file has the same basic layout as the other pppd(8)
 authentication files, /etc/ppp/pap\-secrets and /etc/ppp/chap\-secrets.
 Thus, the entry generated has at least four main fields separated by
 spaces.  The first field is the authenticatee ("client") name.  The
 second is the server name.  The third is the secret.  The fourth is
 the allowed (or assigned) IP address for the client, and defaults to
 "*".  Additional fields can contain additional IP addresses or pppd
 options; see pppd(8) for details.
 .LP
 The third field has three subfields, separated by colons.  The first
 subfield is the index of the modulus and generator from SRP's
 /etc/tpasswd.conf.  The special value 0 is used to represent the
 well-known modulus and generator specified in the EAP SRP\-SHA1 draft.
 The second subfield is the password validator.  The third is the
 password salt.  These latter two values are encoded in base64 notation.
 .SH OPTIONS
 .TP
 .I \-i <index>
 Specifies the modulus/generator index in /etc/tpasswd.conf.  In order
 to use this option, you will need to run the "tconf" utility from the
 SRP package to generate local entries for this file.  Note that if
 these values are not known to the client, the client will be forced to
 run time-consuming safety tests on the values used.  For this reason,
 using the well-known values is recommended.
 .TP
 .I <clientname>
 Specifies the client name.  The password validator is a hashed
 combination of the client's name and password, and both are required.
 If the client name is not supplied on the command line, srp\-entry will
 prompt for the client name first.
 .SH FILES
 .TP
 .B /etc/ppp/srp\-secrets
 Usernames, passwords and IP addresses for SRP authentication.  This
 file should be owned by root and not readable or writable by any other
 user.  Pppd will log a warning if this is not the case.  Note that
 srp\-entry does not write to this file.  The user is responsible for
 copying the output of srp\-entry into this file.
 .TP
 .B /etc/tpasswd.conf
 Indexed copies of tested modulus/generator combinations; part of the
 SRP package.
 .SH SEE ALSO
 .TP
 pppd(8)
 .TP
 .B RFC2284
 Blunk, L., Vollbrecht, J.,
 .I PPP Extensible Authentication Protocol (EAP).
 March 1998.
 .TP
 .B draft\-ietf\-pppext\-eap\-srp\-03.txt
 Carlson, J., et al.,
 .I EAP SRP\-SHA1 Authentication Protocol.
 July 2001.
 .TP
 .B RFC2945
 Wu, T.,
 .I The SRP Authentication and Key Exchange System
 September 2000.
 .SH AUTHOR
 James Carlson (james.d.carlson@sun.com)
	.\" manual page [] for srp-entry
	.\" $Id: srp-entry.8,v 1.2 2004/11/13 12:22:49 paulus Exp $
	.\" SH section heading
	.\" SS subsection heading
	.\" LP paragraph
	.\" IP indented paragraph
	.\" TP hanging label
	.TH SRP-ENTRY 8
	.SH NAME
	srp\-entry \- Generate a SRP\-SHA1 Server Entry
	.SH SYNOPSIS
	.B srp\-entry
	[
	.I \-i index
	] [
	.I clientname
	]
	.SH DESCRIPTION
	.LP
	This utility generates an entry suitable for use in the
	/etc/ppp/srp\-secrets file on a PPP EAP SRP\-SHA1 authenticator
	("server"). This file has the same basic layout as the other pppd(8)
	authentication files, /etc/ppp/pap\-secrets and /etc/ppp/chap\-secrets.
	Thus, the entry generated has at least four main fields separated by
	spaces. The first field is the authenticatee ("client") name. The
	second is the server name. The third is the secret. The fourth is
	the allowed (or assigned) IP address for the client, and defaults to
	"*". Additional fields can contain additional IP addresses or pppd
	options; see pppd(8) for details.
	.LP
	The third field has three subfields, separated by colons. The first
	subfield is the index of the modulus and generator from SRP's
	/etc/tpasswd.conf. The special value 0 is used to represent the
	well-known modulus and generator specified in the EAP SRP\-SHA1 draft.
	The second subfield is the password validator. The third is the
	password salt. These latter two values are encoded in base64 notation.
	.SH OPTIONS
	.TP
	.I \-i <index>
	Specifies the modulus/generator index in /etc/tpasswd.conf. In order
	to use this option, you will need to run the "tconf" utility from the
	SRP package to generate local entries for this file. Note that if
	these values are not known to the client, the client will be forced to
	run time-consuming safety tests on the values used. For this reason,
	using the well-known values is recommended.
	.TP
	.I <clientname>
	Specifies the client name. The password validator is a hashed
	combination of the client's name and password, and both are required.
	If the client name is not supplied on the command line, srp\-entry will
	prompt for the client name first.
	.SH FILES
	.TP
	.B /etc/ppp/srp\-secrets
	Usernames, passwords and IP addresses for SRP authentication. This
	file should be owned by root and not readable or writable by any other
	user. Pppd will log a warning if this is not the case. Note that
	srp\-entry does not write to this file. The user is responsible for
	copying the output of srp\-entry into this file.
	.TP
	.B /etc/tpasswd.conf
	Indexed copies of tested modulus/generator combinations; part of the
	SRP package.
	.SH SEE ALSO
	.TP
	pppd(8)
	.TP
	.B RFC2284
	Blunk, L., Vollbrecht, J.,
	.I PPP Extensible Authentication Protocol (EAP).
	March 1998.
	.TP
	.B draft\-ietf\-pppext\-eap\-srp\-03.txt
	Carlson, J., et al.,
	.I EAP SRP\-SHA1 Authentication Protocol.
	July 2001.
	.TP
	.B RFC2945
	Wu, T.,
	.I The SRP Authentication and Key Exchange System
	September 2000.
	.SH AUTHOR
	James Carlson (james.d.carlson@sun.com)