--- /dev/null
+EAP with MD5-Challenge and SRP-SHA1 support
+by James Carlson, Sun Microsystems
+Version 2, September 22nd, 2002
+
+
+1. What it does
+
+ The Extensible Authentication Protocol (EAP; RFC 2284) is a
+ security protocol that can be used with PPP. It provides a means
+ to plug in multiple optional authentication methods.
+
+ This implementation includes the required default MD5-Challenge
+ method, which is similar to CHAP (RFC 1994), as well as the new
+ SRP-SHA1 method. This latter method relies on an exchange that is
+ not vulnerable to dictionary attacks (as is CHAP), does not
+ require the server to keep a cleartext copy of the secret (as in
+ CHAP), supports identity privacy, and produces a temporary shared
+ key that could be used for data encryption.
+
+ The SRP-SHA1 method is based on draft-ietf-pppext-eap-srp-03.txt,
+ a work in progress.
+
+2. Required libraries
+
+ Two other packages are required first. Download and install
+ OpenSSL and Thomas Wu's SRP implementation.
+
+ http://www.openssl.org/ (or ftp://ftp.openssl.org/source/)
+ http://srp.stanford.edu/
+
+ Follow the directions in each package to install the SSL and SRP
+ libraries. Once SRP is installed, you may run tconf as root to
+ create known fields, if desired. (This step is not required.)
+
+3. Installing the patch
+
+ The EAP-SRP patch described here is integrated into this version
+ of pppd. The following patch may be used with older pppd sources:
+
+ ftp://playground.sun.com/carlsonj/eap/ppp-2.4.1-eap-1.tar.gz
+
+ Configure, compile, and install as root. You may want to edit
+ pppd/Makefile after configuring to enable or disable optional
+ features.
+
+ % ./configure
+ % make
+ % su
+ # make install
+
+ If you use csh or tcsh, run "rehash" to pick up the new commands.
+
+ If you're using Solaris, and you run into trouble with the
+ pseudonym feature on the server side ("no DES here" shows in the
+ log file), make sure that you have the "domestic" versions of the
+ DES libraries linked. You should see "crypt_d" in "ldd
+ /usr/local/bin/pppd". If you see "crypt_i" instead, then make
+ sure that /usr/lib/libcrypt.* links to /usr/lib/libcrypt_d.*. (If
+ you have the international version of Solaris, then you won't have
+ crypt_d. You might want to find an alternative DES library.)
+
+4. Adding the secrets
+
+ On the EAP SRP-SHA1 client side, access to the cleartext secret is
+ required. This can be done in two ways:
+
+ - Enter the client name, server name, and password in the
+ /etc/ppp/srp-secrets file. This file has the same format as
+ the existing chap-secrets and pap-secrets files.
+
+ clientname servername "secret here"
+
+ - Use the "password" option in any of the standard
+ configuration files (or the command line) to specify the
+ secret.
+
+ password "secret here"
+
+ On the EAP SRP-SHA1 server side, a secret verifier is required.
+ This is a one-way hash of the client's name and password. To
+ generate this value, run the srp-entry program (see srp-entry(8)).
+ This program prompts for the client name and the passphrase (the
+ secret). The output will be an entry, such as the following,
+ suitable for use in the server's srp-secrets file. Note that if
+ this is transferred by cut-and-paste, the entry must be a single
+ line of text in the file.
+
+pppuser srpserver 0:LFDpwg4HBLi4/kWByzbZpW6pE95/iIWBSt7L.DAkHsvwQphtiq0f6reoUy/1LC1qYqjcrV97lCDmQHQd4KIACGgtkhttLdP3KMowvS0wLXLo25FPJeG2sMAUEWu/HlJPn2/gHyh9aT.ZxUs5MsoQ1E61sJkVBc.2qze1CdZiQGTK3qtWRP6DOpM1bfhKtPoVm.g.MiCcTMWzc54xJUIA0mgKtpthE3JrqCc81cXUt4DYi5yBzeeGTqrI0z2/Gj8Jp7pS4Fkq3GmnYjMxnKfQorFXNwl3m7JSaPa8Gj9/BqnorJOsnSMlIhBe6dy4CYytuTbNb4Wv/nFkmSThK782V:2cIyMp1yKslQgE *
+
+ The "secret" field consists of three entries separated by colons.
+ The first entry is the index of the modulus and generator from
+ SRP's /etc/tpasswd.conf. If the special value 0 is used, then the
+ well-known modulus/generator value is used (this is recommended,
+ because it is much faster). The second value is the verifier
+ value. The third is the password "salt." These latter two values
+ are encoded in base64 notation.
+
+ For EAP MD5-Challenge, both client and server use the existing
+ /etc/ppp/chap-secrets file.
+
+5. Configuration options
+
+ There are two main options relating to EAP available for the
+ client. These are:
+
+ refuse-eap - refuse to authenticate with EAP
+ srp-use-pseudonym - use the identity privacy if
+ offered by server
+
+ The second option stores a pseudonym, if offered by the EAP
+ SRP-SHA1 server, in the $HOME/.ppp_pseudonym file. The pseudonym
+ is typically an encrypted version of the client identity. During
+ EAP start-up, the pseudonym stored in this file is offered to the
+ peer as the identity. If this is accepted by the peer, then
+ eavesdroppers will be unable to determine the identity of the
+ client. Each time the client is authenticated, the server will
+ offer a new pseudoname to the client using an obscured (reversibly
+ encrypted) message. Thus, access across successive sessions
+ cannot be tracked.
+
+ There are two main options for EAP on the server:
+
+ require-eap - require client to use EAP
+ srp-pn-secret "string" - set server's pseudoname secret
+
+ The second option sets the long-term secret used on the server to
+ encrypt the user's identity to produce pseudonames. The
+ pseudoname is constructed by hashing this string with the current
+ date (to the nearest day) with SHA1, then using this hash as the
+ key for a DES encryption of the client's name. The date is added
+ to the hash for two reasons. First, this allows the pseudonym to
+ change daily. Second, it allows the server to decode any previous
+ pseudonym by trying previous dates.
+
+ See the pppd(8) man page for additional options.
+
+6. Comments welcome!
+
+ This is still an experimental implementation. It has been tested
+ and reviewed carefully for correctness, but may still be
+ incomplete or have other flaws. All comments are welcome. Please
+ address them to the author:
+
+ james.d.carlson@sun.com
+
+ or, for EAP itself or the SRP extensions to EAP, to the IETF PPP
+ Extensions working group:
+
+ ietf-ppp@merit.edu
projects / ppp.git / blobdiff