--- /dev/null
+.\" manual page [] for srp-entry
+.\" $Id: srp-entry.8,v 1.1 2002/11/02 19:48:13 carlsonj Exp $
+.\" SH section heading
+.\" SS subsection heading
+.\" LP paragraph
+.\" IP indented paragraph
+.\" TP hanging label
+.TH SRP-ENTRY 8
+.SH NAME
+srp-entry \- Generate a SRP-SHA1 Server Entry
+.SH SYNOPSIS
+.B srp-entry
+[
+.I -i index
+] [
+.I clientname
+]
+.SH DESCRIPTION
+.LP
+This utility generates an entry suitable for use in the
+/etc/ppp/srp-secrets file on a PPP EAP SRP-SHA1 authenticator
+("server"). This file has the same basic layout as the other pppd(8)
+authentication files, /etc/ppp/pap-secrets and /etc/ppp/chap-secrets.
+Thus, the entry generated has at least four main fields separated by
+spaces. The first field is the authenticatee ("client") name. The
+second is the server name. The third is the secret. The fourth is
+the allowed (or assigned) IP address for the client, and defaults to
+"*". Additional fields can contain additional IP addresses or pppd
+options; see pppd(8) for details.
+.LP
+The third field has three subfields, separated by colons. The first
+subfield is the index of the modulus and generator from SRP's
+/etc/tpasswd.conf. The special value 0 is used to represent the
+well-known modulus and generator specified in the EAP SRP-SHA1 draft.
+The second subfield is the password validator. The third is the
+password salt. These latter two values are encoded in base64 notation.
+.SH OPTIONS
+.TP
+.I -i <index>
+Specifies the modulus/generator index in /etc/tpasswd.conf. In order
+to use this option, you will need to run the "tconf" utility from the
+SRP package to generate local entries for this file. Note that if
+these values are not known to the client, the client will be forced to
+run time-consuming safety tests on the values used. For this reason,
+using the well-known values is recommended.
+.TP
+.I <clientname>
+Specifies the client name. The password validator is a hashed
+combination of the client's name and password, and both are required.
+If the client name is not supplied on the command line, srp-entry will
+prompt for the client name first.
+.SH FILES
+.TP
+.B /etc/ppp/srp-secrets
+Usernames, passwords and IP addresses for SRP authentication. This
+file should be owned by root and not readable or writable by any other
+user. Pppd will log a warning if this is not the case. Note that
+srp-entry does not write to this file. The user is responsible for
+copying the output of srp-entry into this file.
+.TP
+.B /etc/tpasswd.conf
+Indexed copies of tested modulus/generator combinations; part of the
+SRP package.
+.SH SEE ALSO
+.TP
+pppd(8)
+.TP
+.B RFC2284
+Blunk, L., Vollbrecht, J.,
+.I PPP Extensible Authentication Protocol (EAP).
+March 1998.
+.TP
+.B draft-ietf-pppext-eap-srp-03.txt
+Carlson, J., et al.,
+.I EAP SRP-SHA1 Authentication Protocol.
+July 2001.
+.TP
+.B RFC2945
+Wu, T.,
+.I The SRP Authentication and Key Exchange System
+September 2000.
+.SH AUTHOR
+James Carlson (james.d.carlson@sun.com)
projects / ppp.git / blobdiff