author | James Carlson <carlsonj@workingcode.com> | 2002-11-02 19:48:13 +0000 |
---|---|---|
committer | James Carlson <carlsonj@workingcode.com> | 2002-11-02 19:48:13 +0000 |
commit | d741a3b912f17d84dc8dc87474e0b989c775de50 (patch) | |
tree | 5ce171ff71a164b9e8b41247186e89935bdfc556 /pppd/srp-entry.8 | |
parent | 767b224b09e000895b0918937edd19041e40e6f6 (diff) | |
download | ppp-d741a3b912f17d84dc8dc87474e0b989c775de50.tar.gz |
Added EAP support with MD5-Challenge and SRP-SHA1 methods. Tested
on Linux (with both methods) and on Solaris (just MD5-Challenge).
Fixed several Makefiles that were missing references to required
modules such as tty.o.
Diffstat (limited to 'pppd/srp-entry.8')
-rw-r--r-- | pppd/srp-entry.8 | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/pppd/srp-entry.8 b/pppd/srp-entry.8 new file mode 100644 index 0000000..ceb516a --- /dev/null +++ b/pppd/srp-entry.8 
@@ -0,0 +1,83 @@ +.\" manual page [] for srp-entry +.\" $Id: srp-entry.8,v 1.1 2002/11/02 19:48:13 carlsonj Exp $ +.\" SH section heading +.\" SS subsection heading +.\" LP paragraph +.\" IP indented paragraph +.\" TP hanging label +.TH SRP-ENTRY 8 +.SH NAME +srp-entry \- Generate a SRP-SHA1 Server Entry +.SH SYNOPSIS +.B srp-entry +[ +.I -i index +] [ +.I clientname +] +.SH DESCRIPTION +.LP +This utility generates an entry suitable for use in the +/etc/ppp/srp-secrets file on a PPP EAP SRP-SHA1 authenticator +("server"). This file has the same basic layout as the other pppd(8) +authentication files, /etc/ppp/pap-secrets and /etc/ppp/chap-secrets. +Thus, the entry generated has at least four main fields separated by +spaces. The first field is the authenticatee ("client") name. The +second is the server name. The third is the secret. The fourth is +the allowed (or assigned) IP address for the client, and defaults to +"*". Additional fields can contain additional IP addresses or pppd +options; see pppd(8) for details. +.LP +The third field has three subfields, separated by colons. The first +subfield is the index of the modulus and generator from SRP's +/etc/tpasswd.conf. The special value 0 is used to represent the +well-known modulus and generator specified in the EAP SRP-SHA1 draft. +The second subfield is the password validator. The third is the +password salt. These latter two values are encoded in base64 notation. +.SH OPTIONS +.TP +.I -i <index> +Specifies the modulus/generator index in /etc/tpasswd.conf. In order +to use this option, you will need to run the "tconf" utility from the +SRP package to generate local entries for this file. Note that if +these values are not known to the client, the client will be forced to +run time-consuming safety tests on the values used. For this reason, +using the well-known values is recommended. +.TP +.I <clientname> +Specifies the client name. 
The password validator is a hashed +combination of the client's name and password, and both are required. +If the client name is not supplied on the command line, srp-entry will +prompt for the client name first. +.SH FILES +.TP +.B /etc/ppp/srp-secrets +Usernames, passwords and IP addresses for SRP authentication. This +file should be owned by root and not readable or writable by any other +user. Pppd will log a warning if this is not the case. Note that +srp-entry does not write to this file. The user is responsible for +copying the output of srp-entry into this file. +.TP +.B /etc/tpasswd.conf +Indexed copies of tested modulus/generator combinations; part of the +SRP package. +.SH SEE ALSO +.TP +pppd(8) +.TP +.B RFC2284 +Blunk, L., Vollbrecht, J., +.I PPP Extensible Authentication Protocol (EAP). +March 1998. +.TP +.B draft-ietf-pppext-eap-srp-03.txt +Carlson, J., et al., +.I EAP SRP-SHA1 Authentication Protocol. +July 2001. +.TP +.B RFC2945 +Wu, T., +.I The SRP Authentication and Key Exchange System +September 2000. +.SH AUTHOR +James Carlson (james.d.carlson@sun.com) |
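Review bot: In the FILES section, the /etc/ppp/srp-secrets entry reads "Usernames, passwords and IP addresses for SRP authentication", which contradicts DESCRIPTION, where the third field is index:validator:salt and no password is stored. Suggest wording such as "Client names, SRP validators and salts, and IP addresses", keeping the sentence about root-only ownership as it is. DESCRIPTION also lists the server name as the second field, but SYNOPSIS and OPTIONS offer no argument for it and the text never says what srp-entry emits in that position; one sentence on that would help whoever copies the output into the file. Minor: the RFC2945 title line under SEE ALSO lacks the trailing period that the other two references have, and SYNOPSIS writes the option as "-i index" while OPTIONS writes "-i <index>".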