DESCRIPTION

The bwctld.keys file holds the identity/AES key pairs that bwctld needs to authenticate users. The format of this file is described in the aespasswd(1) manual page. The location of this file is controlled by the -c option to bwctld, but it must be named bwctld.keys.

bwctld uses symmetric AES keys for authentication. Therefore, the bwctl client will have to have access to the exact same AES key for authentication by AES to work. Most likely, the user will simply know the passphrase that generated the AES key in the first place. Additionally, it is important that the system administrator and end user ensure the key is not compromised.

If the bwctl client is able to authenticate using the identity and AES key presented, bwctld will use the directives found in the bwctld.limits file to map policy restrictions to this connection.

SECURITY CONSIDERATIONS

The keys in the bwctld.keys file are not encrypted in any way. The security of these keys is completely dependent upon the security of the system and the discretion of the system administrator.

RESTRICTIONS

Identity names are restricted to 16 characters.
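A permission and identity-length audit for the file described above, as an added example that is not part of the bwctl distribution. It assumes the identity is the first whitespace-delimited field on each line and that lines starting with # are comments (the authoritative format is in aespasswd(1)); the optional DAEMON_USER argument, the account bwctld runs as, is also an assumption.

```shell
#!/bin/sh
# Added example: audit a bwctld.keys file, whose keys are stored unencrypted.
# Usage: audit_keys_file PATH [DAEMON_USER]
# DAEMON_USER (assumption): account bwctld runs as; defaults to current user.
audit_keys_file() {
    f=$1
    rc=0
    if [ -n "${2:-}" ]; then want_uid=$(id -u "$2"); else want_uid=$(id -u); fi

    # bwctld only reads a file with this exact name.
    if [ "$(basename -- "$f")" != "bwctld.keys" ]; then
        echo "FAIL: file must be named bwctld.keys" >&2; rc=1
    fi
    # Reject symlinks and non-regular files before inspecting the mode.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "FAIL: $f is not a regular file" >&2; return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ldn -- "$f" | cut -c5-10)" != "------" ]; then
        echo "FAIL: group/other can access $f (want mode 0600 or 0400)" >&2; rc=1
    fi
    have_uid=$(ls -ldn -- "$f" | awk '{ print $3 }')
    if [ "$have_uid" != "$want_uid" ]; then
        echo "FAIL: owner uid $have_uid, expected $want_uid" >&2; rc=1
    fi

    # Assumed layout: identity is the first whitespace-delimited field and
    # lines starting with # are comments. Key material is never printed.
    if ! awk 'NF == 0 || $1 ~ /^#/ { next }
              length($1) > 16 { printf "FAIL: line %d: identity exceeds 16 characters\n", NR; bad = 1 }
              END { exit bad + 0 }' "$f" >&2; then
        rc=1
    fi
    return $rc
}

# Run the audit when a path is given on the command line.
[ $# -eq 0 ] || audit_keys_file "$@"
```

The function returns non-zero on any finding, so it can gate a configuration-management run or a periodic host check.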

SEE ALSO

aespasswd(1), bwctl(1), bwctld(8), bwctld.limits(5), and the http://e2epi.internet2.edu/bwctl/ web site.

ACKNOWLEDGMENTS

This material is based in part on work supported by the National Science Foundation (NSF) under Grant No. ANI-0314723. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the NSF.