owampd.pfs(5) owampd.pfs(5) NAME owampd.pfs - One-way latency server pass-phrase store DESCRIPTION The owampd.pfs file is used to hold the identity/pass-phrase pairs needed for owampd to authenticate users. The format of this file is described in the pfstore(1) manual page. The location of this file is controlled by the -c option to owampd. owampd uses symmetric AES keys for authentication. These keys are derived from a shared secret (the pass-phrase) using the PBKDF2 algo- rithm (RFC 2898) with an HMAC-SHA1 as the pseudorandom function. Therefore, the owping client must have access to the exact same pass- phrase that the owampd server uses. Both the client and the server need to derive the same AES key for authentication to work. It is important that the system administrator and end user ensure the pass-phrase is not compromised. If the owping client is able to authenticate using the identity and derived AES key, owampd will use the directives found in the owampd.limits file to map policy restrictions for this connection. SECURITY CONSIDERATIONS The pass-phrases in the owampd.pfs file are not encrypted in any way. (They are simply hex encoded.) The security of these pass-phrases are completely dependent upon the security of the filesystem and the dis- cretion of the system administrator. RESTRICTIONS Identity names are restricted to 80 characters. SEE ALSO pfstore(1), owping(1), owampd(8), owampd.limits(5), and the http://e2epi.internet2.edu/owamp/ web site. ACKNOWLEDGMENTS This material is based in part on work supported by the National Sci- ence Foundation (NSF) under Grant No. ANI-0314723. Any opinions, find- ings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the NSF. $Date$ owampd.pfs(5)