NAME¶
bwctld.keys -
Band
width
Con
tro
l Daemon
AES keyfile database
DESCRIPTION¶
The
bwctld.keys file is used to hold the identity/AES keys pairs needed
for
bwctld to authenticate users. The format of this file is described
in the
aespasswd(1) manual page. The location of this file is controlled by
the
-c option to
bwctld but it must be named
bwctld.keys.
bwctld uses symmetric AES keys for authentication. Therefore, the
bwctl client will have to have access to the exact same AES key for
authentication by AES to work. Most likely, the user will simply know the
passphrase that generated the AES key in the first place. Additionally, it is
important that the system administrator and end user ensure the key is not
compromised.
If the
bwctl client is able to authenticate using the identity and AES
key presented,
bwctld will use the directives found in the
bwctld.limits file to map policy restrictions to this connection.
SECURITY CONSIDERATIONS¶
The keys in the
bwctld.keys file are not encrypted in any way. The
security of these keys is completely dependent upon the security of the system
and the discretion of the system administrator.
RESTRICTIONS¶
Identity names are restricted to 16 characters.
SEE ALSO¶
aespasswd(1),
bwctl(1),
bwctld(8),
bwctld.limits(5), and the
http://e2epi.internet2.edu/bwctl/ web site.
ACKNOWLEDGMENTS¶
This material is based in part on work supported by the National Science
Foundation (NSF) under Grant No. ANI-0314723. Any opinions, findings, and
conclusions or recommendations expressed in this material are those of the
author(s) and do not necessarily reflect the views of the NSF.