Путеводитель по Руководству Linux

  User  |  Syst  |  Libr  |  Device  |  Files  |  Other  |  Admin  |  Head  |



   srp-entry    ( 8 )

создание записи сервера SRP-SHA1 (Generate a SRP-SHA1 Server Entry)

Имя (Name)

srp-entry - Generate a SRP-SHA1 Server Entry


Синопсис (Synopsis)

srp-entry [ -i index ] [ clientname ]


Описание (Description)

This utility generates an entry suitable for use in the /etc/ppp/srp-secrets file on a PPP EAP SRP-SHA1 authenticator ("server"). This file has the same basic layout as the other pppd(8) authentication files, /etc/ppp/pap-secrets and /etc/ppp/chap-secrets. Thus, the entry generated has at least four main fields separated by spaces. The first field is the authenticatee ("client") name. The second is the server name. The third is the secret. The fourth is the allowed (or assigned) IP address for the client, and defaults to "*". Additional fields can contain additional IP addresses or pppd options; see pppd(8) for details.

The third field has three subfields, separated by colons. The first subfield is the index of the modulus and generator from SRP's /etc/tpasswd.conf. The special value 0 is used to represent the well-known modulus and generator specified in the EAP SRP-SHA1 draft. The second subfield is the password validator. The third is the password salt. These latter two values are encoded in base64 notation.


Параметры (Options)

-i <index>
              Specifies the modulus/generator index in
              /etc/tpasswd.conf.  In order to use this option, you will
              need to run the "tconf" utility from the SRP package to
              generate local entries for this file.  Note that if these
              values are not known to the client, the client will be
              forced to run time-consuming safety tests on the values
              used.  For this reason, using the well-known values is
              recommended.

<clientname> Specifies the client name. The password validator is a hashed combination of the client's name and password, and both are required. If the client name is not supplied on the command line, srp-entry will prompt for the client name first.


Файлы (Files)

/etc/ppp/srp-secrets Usernames, passwords and IP addresses for SRP authentication. This file should be owned by root and not readable or writable by any other user. Pppd will log a warning if this is not the case. Note that srp-entry does not write to this file. The user is responsible for copying the output of srp-entry into this file.

/etc/tpasswd.conf Indexed copies of tested modulus/generator combinations; part of the SRP package.


Смотри также (See also)

pppd(8)

RFC2284 Blunk, L., Vollbrecht, J., PPP Extensible Authentication Protocol (EAP). March 1998.

draft-ietf-pppext-eap-srp-03.txt Carlson, J., et al., EAP SRP-SHA1 Authentication Protocol. July 2001.

RFC2945 Wu, T., The SRP Authentication and Key Exchange System September 2000.