The owampd.pfs file is used to hold the identity/pass-phrase pairs
needed for owampd to authenticate users. The format of this file
is described in the pfstore(1) manual page. The location of this
file is controlled by the -c option to owampd.
owampd uses symmetric AES keys for authentication. These keys
are derived from a shared secret (the pass-phrase) using the PBKDF2
algorithm (RFC 2898) with an HMAC-SHA1 as the pseudorandom
owping client must have access to the exact same pass-phrase
that the owampd server uses. Both the client and the server
need to derive the same AES key for authentication
to work. It is important that the system administrator and end user
ensure the pass-phrase is not compromised.
If the owping client is able to authenticate using the identity and
derived AES key, owampd will use the directives found in the
owampd.limits file to map policy restrictions for this connection.