The Android Open Source Project | 8ad0dd2 | 2009-03-03 19:30:31 -0800

.\" manual page [] for srp-entry
.\" $Id: srp-entry.8,v 1.2 2004/11/13 12:22:49 paulus Exp $
.\" SH section heading
.\" SS subsection heading
.\" LP paragraph
.\" IP indented paragraph
.\" TP hanging label
.TH SRP-ENTRY 8
.SH NAME
srp\-entry \- Generate a SRP\-SHA1 Server Entry
.SH SYNOPSIS
.B srp\-entry
[
.I \-i index
] [
.I clientname
]
.SH DESCRIPTION
.LP
This utility generates an entry suitable for use in the
/etc/ppp/srp\-secrets file on a PPP EAP SRP\-SHA1 authenticator
("server"). This file has the same basic layout as the other pppd(8)
authentication files, /etc/ppp/pap\-secrets and /etc/ppp/chap\-secrets.
Thus, the entry generated has at least four main fields separated by
spaces. The first field is the authenticatee ("client") name. The
second is the server name. The third is the secret. The fourth is
the allowed (or assigned) IP address for the client, and defaults to
"*". Additional fields can contain additional IP addresses or pppd
options; see pppd(8) for details.
.LP
The third field has three subfields, separated by colons. The first
subfield is the index of the modulus and generator from SRP's
/etc/tpasswd.conf. The special value 0 is used to represent the
well-known modulus and generator specified in the EAP SRP\-SHA1 draft.
The second subfield is the password validator. The third is the
password salt. These latter two values are encoded in base64 notation.
.SH OPTIONS
.TP
.I \-i <index>
Specifies the modulus/generator index in /etc/tpasswd.conf. In order
to use this option, you will need to run the "tconf" utility from the
SRP package to generate local entries for this file. Note that if
these values are not known to the client, the client will be forced to
run time-consuming safety tests on the values used. For this reason,
using the well-known values is recommended.
.TP
.I <clientname>
Specifies the client name. The password validator is a hashed
combination of the client's name and password, and both are required.
If the client name is not supplied on the command line, srp\-entry will
prompt for the client name first.
.SH FILES
.TP
.B /etc/ppp/srp\-secrets
Usernames, passwords and IP addresses for SRP authentication. This
file should be owned by root and not readable or writable by any other
user. Pppd will log a warning if this is not the case. Note that
srp\-entry does not write to this file. The user is responsible for
copying the output of srp\-entry into this file.
.TP
.B /etc/tpasswd.conf
Indexed copies of tested modulus/generator combinations; part of the
SRP package.
.SH SEE ALSO
.TP
pppd(8)
.TP
.B RFC2284
Blunk, L., Vollbrecht, J.,
.I PPP Extensible Authentication Protocol (EAP).
March 1998.
.TP
.B draft\-ietf\-pppext\-eap\-srp\-03.txt
Carlson, J., et al.,
.I EAP SRP\-SHA1 Authentication Protocol.
July 2001.
.TP
.B RFC2945
Wu, T.,
.I The SRP Authentication and Key Exchange System
September 2000.
.SH AUTHOR
James Carlson (james.d.carlson@sun.com)
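
The entry layout from DESCRIPTION and the ownership rule from FILES can be checked before pasting srp\-entry output into /etc/ppp/srp\-secrets. The following is an added example, not part of this man page or the pppd sources. The function names and the sample entry are constructed, shlex is only an approximation of pppd's word splitting, and the validator and salt are checked for presence but not decoded.

```python
import os
import shlex

# Constructed sample line in the layout described in DESCRIPTION.
SAMPLE = "alice pppserver 0:CONSTRUCTEDvalidator./:CONSTRUCTEDsalt *"

def parse_srp_entry(line):
    """Parse one srp-secrets line; return a dict, or None for blank/comment lines."""
    words = shlex.split(line, comments=True)  # assumption: close to pppd's splitting
    if not words:
        return None
    if len(words) < 4:
        raise ValueError("need client, server, secret and address fields")
    client, server, secret = words[:3]
    parts = secret.split(":")
    if len(parts) != 3:
        raise ValueError("secret must be index:validator:salt")
    index, validator, salt = parts
    if not (index.isascii() and index.isdigit()):
        raise ValueError("modulus/generator index must be a non-negative integer")
    if not validator or not salt:
        raise ValueError("validator and salt must both be present")
    return {
        "client": client,
        "server": server,
        "index": int(index),
        "well_known_group": int(index) == 0,  # 0 = group from the EAP SRP-SHA1 draft
        "validator": validator,
        "salt": salt,
        "addresses_and_options": words[3:],
    }

def secrets_file_findings(st_mode, st_uid):
    """Apply the FILES rule: owned by root, no read/write for group or other."""
    findings = []
    if st_uid != 0:
        findings.append("not owned by root")
    if st_mode & 0o066:
        findings.append("readable or writable by group or other")
    return findings

if __name__ == "__main__":
    print(parse_srp_entry(SAMPLE))
    path = "/etc/ppp/srp-secrets"
    if os.path.exists(path):
        st = os.stat(path)
        print(path, secrets_file_findings(st.st_mode, st.st_uid) or "ok")
```

Entries whose index is not 0 depend on a matching local /etc/tpasswd.conf entry, so the `well_known_group` flag is a quick way to list the ones that do.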