|
Packit Service |
4684c1 |
@node srptool Invocation
|
|
Packit Service |
4684c1 |
@subsubsection Invoking srptool
|
|
Packit Service |
4684c1 |
@pindex srptool
|
|
Packit Service |
4684c1 |
@ignore
|
|
Packit Service |
4684c1 |
# -*- buffer-read-only: t -*- vi: set ro:
|
|
Packit Service |
4684c1 |
#
|
|
Packit Service |
4684c1 |
# DO NOT EDIT THIS FILE (invoke-srptool.texi)
|
|
Packit Service |
4684c1 |
#
|
|
Packit Service |
4684c1 |
# It has been AutoGen-ed
|
|
Packit Service |
4684c1 |
# From the definitions ../src/srptool-args.def
|
|
Packit Service |
4684c1 |
# and the template file agtexi-cmd.tpl
|
|
Packit Service |
4684c1 |
@end ignore
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
Simple program that emulates the programs in the Stanford SRP (Secure
|
|
Packit Service |
4684c1 |
Remote Password) libraries using GnuTLS. It is intended for use in places
|
|
Packit Service |
4684c1 |
where you don't expect SRP authentication to be the used for system users.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
In brief, to use SRP you need to create two files. These are the password
|
|
Packit Service |
4684c1 |
file that holds the users and the verifiers associated with them and the
|
|
Packit Service |
4684c1 |
configuration file to hold the group parameters (called tpasswd.conf).
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This section was generated by @strong{AutoGen},
|
|
Packit Service |
4684c1 |
using the @code{agtexi-cmd} template and the option descriptions for the @code{srptool} program.
|
|
Packit Service |
4684c1 |
This software is released under the GNU General Public License, version 3 or later.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@anchor{srptool usage}
|
|
Packit Service |
4684c1 |
@subsubheading srptool help/usage (@option{--help})
|
|
Packit Service |
4684c1 |
@cindex srptool help
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This is the automatically generated usage text for srptool.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
The text printed is the same whether selected with the @code{help} option
|
|
Packit Service |
4684c1 |
(@option{--help}) or the @code{more-help} option (@option{--more-help}). @code{more-help} will print
|
|
Packit Service |
4684c1 |
the usage text by passing it through a pager program.
|
|
Packit Service |
4684c1 |
@code{more-help} is disabled on platforms without a working
|
|
Packit Service |
4684c1 |
@code{fork(2)} function. The @code{PAGER} environment variable is
|
|
Packit Service |
4684c1 |
used to select the program, defaulting to @file{more}. Both will exit
|
|
Packit Service |
4684c1 |
with a status code of 0.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@exampleindent 0
|
|
Packit Service |
4684c1 |
@example
|
|
Packit Service |
4684c1 |
srptool - GnuTLS SRP tool
|
|
Packit Service |
4684c1 |
Usage: srptool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
-d, --debug=num Enable debugging
|
|
Packit Service |
4684c1 |
- it must be in the range:
|
|
Packit Service |
4684c1 |
0 to 9999
|
|
Packit Service |
4684c1 |
-i, --index=num specify the index of the group parameters in tpasswd.conf to use
|
|
Packit Service |
4684c1 |
-u, --username=str specify a username
|
|
Packit Service |
4684c1 |
-p, --passwd=str specify a password file
|
|
Packit Service |
4684c1 |
-s, --salt=num specify salt size
|
|
Packit Service |
4684c1 |
--verify just verify the password.
|
|
Packit Service |
4684c1 |
-v, --passwd-conf=str specify a password conf file.
|
|
Packit Service |
4684c1 |
--create-conf=str Generate a password configuration file.
|
|
Packit Service |
4684c1 |
-v, --version[=arg] output version information and exit
|
|
Packit Service |
4684c1 |
-h, --help display extended usage information and exit
|
|
Packit Service |
4684c1 |
-!, --more-help extended usage information passed thru pager
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
Options are specified by doubled hyphens and their name or by a single
|
|
Packit Service |
4684c1 |
hyphen and the flag character.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
Simple program that emulates the programs in the Stanford SRP (Secure
|
|
Packit Service |
4684c1 |
Remote Password) libraries using GnuTLS. It is intended for use in places
|
|
Packit Service |
4684c1 |
where you don't expect SRP authentication to be the used for system users.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
In brief, to use SRP you need to create two files. These are the password
|
|
Packit Service |
4684c1 |
file that holds the users and the verifiers associated with them and the
|
|
Packit Service |
4684c1 |
configuration file to hold the group parameters (called tpasswd.conf).
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@end example
|
|
Packit Service |
4684c1 |
@exampleindent 4
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@anchor{srptool debug}
|
|
Packit Service |
4684c1 |
@subsubheading debug option (-d)
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This is the ``enable debugging'' option.
|
|
Packit Service |
4684c1 |
This option takes a number argument.
|
|
Packit Service |
4684c1 |
Specifies the debug level.
|
|
Packit Service |
4684c1 |
@anchor{srptool verify}
|
|
Packit Service |
4684c1 |
@subsubheading verify option
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This is the ``just verify the password.'' option.
|
|
Packit Service |
4684c1 |
Verifies the password provided against the password file.
|
|
Packit Service |
4684c1 |
@anchor{srptool passwd-conf}
|
|
Packit Service |
4684c1 |
@subsubheading passwd-conf option (-v)
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This is the ``specify a password conf file.'' option.
|
|
Packit Service |
4684c1 |
This option takes a string argument.
|
|
Packit Service |
4684c1 |
Specify a filename or a PKCS #11 URL to read the CAs from.
|
|
Packit Service |
4684c1 |
@anchor{srptool create-conf}
|
|
Packit Service |
4684c1 |
@subsubheading create-conf option
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This is the ``generate a password configuration file.'' option.
|
|
Packit Service |
4684c1 |
This option takes a string argument.
|
|
Packit Service |
4684c1 |
This generates a password configuration file (tpasswd.conf)
|
|
Packit Service |
4684c1 |
containing the required for TLS parameters.
|
|
Packit Service |
4684c1 |
@anchor{srptool exit status}
|
|
Packit Service |
4684c1 |
@subsubheading srptool exit status
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
One of the following exit values will be returned:
|
|
Packit Service |
4684c1 |
@table @samp
|
|
Packit Service |
4684c1 |
@item 0 (EXIT_SUCCESS)
|
|
Packit Service |
4684c1 |
Successful program execution.
|
|
Packit Service |
4684c1 |
@item 1 (EXIT_FAILURE)
|
|
Packit Service |
4684c1 |
The operation failed or the command syntax was not valid.
|
|
Packit Service |
4684c1 |
@end table
|
|
Packit Service |
4684c1 |
@anchor{srptool See Also}
|
|
Packit Service |
4684c1 |
@subsubheading srptool See Also
|
|
Packit Service |
4684c1 |
gnutls-cli-debug (1), gnutls-serv (1), srptool (1), psktool (1), certtool (1)
|
|
Packit Service |
4684c1 |
@anchor{srptool Examples}
|
|
Packit Service |
4684c1 |
@subsubheading srptool Examples
|
|
Packit Service |
4684c1 |
To create @file{tpasswd.conf} which holds the g and n values for SRP protocol
|
|
Packit Service |
4684c1 |
(generator and a large prime), run:
|
|
Packit Service |
4684c1 |
@example
|
|
Packit Service |
4684c1 |
$ srptool --create-conf /etc/tpasswd.conf
|
|
Packit Service |
4684c1 |
@end example
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This command will create @file{/etc/tpasswd} and will add user 'test' (you
|
|
Packit Service |
4684c1 |
will also be prompted for a password). Verifiers are stored by default
|
|
Packit Service |
4684c1 |
in the way libsrp expects.
|
|
Packit Service |
4684c1 |
@example
|
|
Packit Service |
4684c1 |
$ srptool --passwd /etc/tpasswd --passwd-conf /etc/tpasswd.conf -u test
|
|
Packit Service |
4684c1 |
@end example
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This command will check against a password. If the password matches
|
|
Packit Service |
4684c1 |
the one in @file{/etc/tpasswd} you will get an ok.
|
|
Packit Service |
4684c1 |
@example
|
|
Packit Service |
4684c1 |
$ srptool --passwd /etc/tpasswd --passwd\-conf /etc/tpasswd.conf --verify -u test
|
|
Packit Service |
4684c1 |
@end example
|