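AutoGen Definitions options;

/*
 * AutoOpts option definitions for srptool, the GnuTLS helper that prepares
 * the two files an SRP deployment reads: the password file (user names and
 * their verifiers) and tpasswd.conf (the group parameters).
 *
 * The password file stores verifiers rather than passwords, but anyone who
 * can read a verifier can test password guesses against it offline, so that
 * file should be readable only by the account that runs the TLS server.
 */
prog-name = srptool;
prog-title = "GnuTLS SRP tool";
prog-desc = "Simple program to create SRP parameters.\n";
explain = "";

/* Long description for the generated documentation; typo "to be the used" fixed. */
detail = "Simple program that emulates the programs in the Stanford SRP (Secure
Remote Password) libraries using GnuTLS. It is intended for use in places
where you don't expect SRP authentication to be used for system users.

In brief, to use SRP you need to create two files. These are the password
file that holds the users and the verifiers associated with them and the
configuration file to hold the group parameters (called tpasswd.conf).";

short-usage = "srptool [options]\nsrptool --help for usage instructions.\n";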
#include args-std.def
/*
 * --index / -i: numeric option choosing which group-parameter entry of
 * tpasswd.conf is used; 3 is taken when the option is omitted.
 * NOTE(review): the size of the group behind each index is determined by
 * the contents of tpasswd.conf, not by this file -- confirm that the default
 * entry meets the deployment's minimum group size.
 */
flag = {
    name = index;
    value = i;
    arg-type = number;
    arg-default = 3;
    descrip = "specify the index of the group parameters in tpasswd.conf to use";
    doc = "";
};
/*
 * --username / -u: string option naming the user whose entry in the
 * password file is created or checked. No default is declared here.
 */
flag = {
    name = username;
    value = u;
    arg-type = string;
    descrip = "specify a username";
    doc = "";
};
/*
 * --passwd / -p: string option giving the path of the password file, i.e.
 * the file that holds the users and their verifiers.
 * NOTE(review): nothing in this definition constrains the path or the mode
 * of the file; verifiers allow offline password guessing, so confirm that
 * the file is created and kept with owner-only permissions.
 */
flag = {
    name = passwd;
    value = p;
    arg-type = string;
    descrip = "specify a password file";
    doc = "";
};
/*
 * --salt / -s: numeric option setting the salt size. The unit is not stated
 * in this file.
 * NOTE(review): no arg-range and no arg-default are declared, so option
 * parsing accepts any integer; confirm that srptool itself rejects sizes
 * that are too small, zero or negative.
 */
flag = {
    name = salt;
    value = s;
    arg-type = number;
    descrip = "specify salt size";
    doc = "";
};
/*
 * --verify: switch that checks a password against the password file instead
 * of writing to it. No `value` is declared, so there is no short-option
 * letter, and no `arg-type`, so the option takes no argument.
 */
flag = {
    name = verify;
    descrip = "just verify the password.";
    doc = "Verifies the password provided against the password file.";
};
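/*
 * --passwd-conf / -v: string option giving the path of the password
 * configuration file (tpasswd.conf), which holds the SRP group parameters.
 * Note that -v is the short form of this option, not of --verify.
 *
 * The previous `doc` text described reading CAs from a file or PKCS #11 URL,
 * which has nothing to do with this option (it appears to have been copied
 * from an unrelated option); it is replaced with a description that matches
 * `descrip` and the tool's own usage examples.
 */
flag = {
    name = passwd-conf;
    value = v;
    arg-type = string;
    descrip = "specify a password conf file.";
    doc = "Specify the file that holds the SRP group parameters (tpasswd.conf).";
};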
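/*
 * --create-conf: string option giving the path at which a new password
 * configuration file (tpasswd.conf) is generated. No short-option letter is
 * declared. The `doc` wording is corrected ("the required for TLS
 * parameters" -> "the parameters required for TLS").
 * NOTE(review): whether an existing file at that path is overwritten is not
 * visible from this definition -- confirm before pointing it at a live file.
 */
flag = {
    name = create-conf;
    arg-type = string;
    descrip = "Generate a password configuration file.";
    doc = "This generates a password configuration file (tpasswd.conf)
containing the parameters required for TLS.";
};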
/*
 * SEE ALSO section of the generated documentation, written as texinfo.
 * The here-document body and its terminator are kept at column 0 so the
 * emitted text is unchanged.
 */
doc-section = {
    ds-type = 'SEE ALSO';
    ds-format = 'texi';
    ds-text = <<-_EOT_
gnutls-cli-debug (1), gnutls-serv (1), srptool (1), psktool (1), certtool (1)
_EOT_;
};
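/*
 * EXAMPLES section of the generated documentation, written as texinfo.
 * Three steps are shown: generate tpasswd.conf, add a user to the password
 * file, and verify a password against that file.
 *
 * Fix: the third example spelled the option as "--passwd\-conf"; inside a
 * texinfo @example the backslash is printed literally, so the command shown
 * to the reader did not match the real option name. It now reads
 * "--passwd-conf", like the second example.
 *
 * The here-document body and its terminator are kept at column 0 so the
 * emitted text is otherwise unchanged.
 */
doc-section = {
    ds-type = 'EXAMPLES';
    ds-format = 'texi';
    ds-text = <<-_EOT_
To create @file{tpasswd.conf} which holds the g and n values for SRP protocol
(generator and a large prime), run:
@example
$ srptool --create-conf /etc/tpasswd.conf
@end example

This command will create @file{/etc/tpasswd} and will add user 'test' (you
will also be prompted for a password). Verifiers are stored by default
in the way libsrp expects.
@example
$ srptool --passwd /etc/tpasswd --passwd-conf /etc/tpasswd.conf -u test
@end example


This command will check against a password. If the password matches
the one in @file{/etc/tpasswd} you will get an ok.
@example
$ srptool --passwd /etc/tpasswd --passwd-conf /etc/tpasswd.conf --verify -u test
@end example
_EOT_;
};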