|
Unix VPS
Support
FAQ
Network
Miscellaneous
|
| owampd.pfs(5) | FreeBSD File Formats Manual | owampd.pfs(5) |
NAME
owampd.pfs - One-way latency server pass-phrase storeDESCRIPTION
The owampd.pfs file is used to hold the identity/pass-phrase pairs needed for owampd to authenticate users. The format of this file is described in the pfstore(1) manual page. The location of this file is controlled by the -c option to owampd.owampd uses symmetric AES keys for authentication. These keys are derived from a shared secret (the pass-phrase) using the PBKDF2 algorithm (RFC 2898) with an HMAC-SHA1 as the pseudorandom function.
Therefore, the owping client must have access to the exact same pass-phrase that the owampd server uses. Both the client and the server need to derive the same AES key for authentication to work. It is important that the system administrator and end user ensure the pass-phrase is not compromised.
If the owping client is able to authenticate using the identity and derived AES key, owampd will use the directives found in the owampd.limits file to map policy restrictions for this connection.
SECURITY CONSIDERATIONS
The pass-phrases in the owampd.pfs file are not encrypted in any way. (They are simply hex encoded.) The security of these pass-phrases are completely dependent upon the security of the filesystem and the discretion of the system administrator.RESTRICTIONS
Identity names are restricted to 80 characters.SEE ALSO
pfstore(1), owping(1), owampd(8), owampd.limits(5), and the http://e2epi.internet2.edu/owamp/ web site.ACKNOWLEDGMENTS
This material is based in part on work supported by the National Science Foundation (NSF) under Grant No. ANI-0314723. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the NSF.| $Date: 2006-11-07 00:54:55 -0500 (Tue, 07 Nov 2006) $ |
Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.