|One-Way Ping (OWAMP)|
owampd.pfsSection: File Formats (5)
Updated: $Date: 2006-11-07 00:54:55 -0500 (Tue, 07 Nov 2006) $
Index Return to Main Contents
NAMEowampd.pfs - One-way latency server pass-phrase store
DESCRIPTIONThe owampd.pfs file is used to hold the identity/pass-phrase pairs needed for owampd to authenticate users. The format of this file is described in the pfstore(1) manual page. The location of this file is controlled by the -c option to owampd.
owampd uses symmetric AES keys for authentication. These keys are derived from a shared secret (the pass-phrase) using the PBKDF2 algorithm (RFC 2898) with an HMAC-SHA1 as the pseudorandom function.
Therefore, the owping client must have access to the exact same pass-phrase that the owampd server uses. Both the client and the server need to derive the same AES key for authentication to work. It is important that the system administrator and end user ensure the pass-phrase is not compromised.
SECURITY CONSIDERATIONSThe pass-phrases in the owampd.pfs file are not encrypted in any way. (They are simply hex encoded.) The security of these pass-phrases are completely dependent upon the security of the filesystem and the discretion of the system administrator.
RESTRICTIONSIdentity names are restricted to 80 characters.
SEE ALSOpfstore(1), owping(1), owampd(8), owampd.limits(5), and the http://e2epi.internet2.edu/owamp/ web site.
ACKNOWLEDGMENTSThis material is based in part on work supported by the National Science Foundation (NSF) under Grant No. ANI-0314723. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the NSF.
This document was created by man2html, using the manual pages.
Time: 14:51:17 GMT, April 18, 2012