Posted on 2002-10-17 19:10:57
mdc-ssd man page
MDC-SSD(8) MDC-SSD(8)
NAME
mdc-ssd - Meetinghouse Data Communications SecureSupplicant - 802.1x
protocol supplicant daemon
SYNOPSIS
mdc-ssd [ options ] [ TLS options ]
DESCRIPTION
The MDC SecureSupplicant daemon (mdc-ssd) provides user access to IEEE
Std 802 LAN infrastructure. This draft standard is based on PPP-EAP
(Point-to-Point Extensible Authentication protocol). It allows a user
to access a LAN port and obtain authentication from a server. Current
authentication methods are CHAP-MD5 and SSL/TLS.
The Options may be specified either from the command line, or from one
of several configuration files. A privileged, default options file is
located in /etc/mdc-ssd/ and its parameters are described below under
GENERAL OPTIONS. The GENERAL OPTIONS control the behavior of mdc-ssd
at a system level and affect all interfaces configured. The file itself
is fully described in the section "Options Files". The default file
(named "options") may be used to specify any of the general options
below.
The options file starts with a section containing general options,
which is followed by a sub-section specific to each authentication
method supported by mdc-ssd.
Port specific parameters are defined in /etc/mdc-ssd/ifcfg. Several
parameters may be configured for each network interface. These
parameters are described in the INTERFACE OPTIONS section. The parameters
specified in file /etc/mdc-ssd/ifcfg are associated with each port and
may not be specified on the command line.
The secrets files for the supported authentication protocols are
located in /etc/mdc-ssd/<interface name>. Each protocol supported
(such as CHAP-MD5) for that interface will have its own secrets file,
in this case, "chap-secrets" in its directory. Each of these is
discussed in the section on secrets files. (currently CHAP-MD5 and TLS).
GENERAL OPTIONS
--version
Outputs the current version of the mdc-ssd daemon.
call name
Read options from the file /etc/mdc-ssd/name. This file may
contain privileged options, even if mdc-ssd is not being run by
root. The name string may not begin with / or include .. as a
pathname component. The format of the options file is described
below.
file name
Read options from file name (the format is described below).
The file must be readable by the user who has invoked mdc-ssd.
This option is privileged.
dryrun With the dryrun option, mdc-ssd will log all the option values
which have been set and then exit, after parsing the command
line and options files and checking the option values, but
before initiating the link. The option values are logged at
'info' level. If you wish to see the options on standard output
then you should also use the 'nodetach' and 'logfd 1' options.
dump With the dump option, mdc-ssd will print out all the option
values which have been set. This option is like the dryrun option
except that mdc-ssd proceeds as normal rather than exiting.
--help, -h
Show a brief listing of the options available.
logfd n
Send log messages to a secondary log file descriptor n (in
addition to standard syslog logging). mdc-ssd will send log
messages
mdc-ssc man page
MDC_SSC(8) MDC_SSC(8)
NAME
mdc-ssc - client for mdc-ssd supplicant
SYNOPSIS
mdc-ssc [ hostname ] [ port ]
DESCRIPTION
This small program can be used to make the mdc-ssd supplicant daemon
emit EAPOL start or logoff packets from a command line prompt. It will
also display the supplicant's state.
USAGE
The client is invoked by typing its name at the command line. If the
default host and port will not work, the desired hostname and port
should follow as command parameters.
The client will respond by typing the prompt >. The following commands
are then valid for entry:
help Display available client commands.
quit Exit the client program.
state <interface>
Display current state of supplicant for the interface indicated.
See STATES section below.
start <interface>
Send an 802.1x START packet to the interface indicated.
logoff <interface>
Send an 802.1x LOGOFF packet for the interface indicated. Note
that according to the protocol, the authenticator will
immediately reauthenticate, thereby opening a new session. To end a
session, the mdc-ss daemon should be exited.
STATES (states of mdc-ssd)
HELD In general this state is entered when you have failed to
authenticate. In this state the mdc-ssd is awaiting a 'request id'
from the authenticator or for the 'heldperiod' before ending the
CONNECTING state. Note also, the authenticator may ignore
packets from your mdc-ssd for a period of time (30-60 seconds).
This is a security measure on the authenticator's part.
CONNECTING
The mdc-ssd has sent a 'start' request to begin the
authentication protocol and is awaiting a request id from the
authenticator.
ACQUIRED
The authenticator has sent a 'request id' and the mdc-ssd has
sent its identity. The mdc-ssd is awaiting the first
'authentication request' from the authenticator.
AUTHENTICATING
The authenticator has sent an 'authentication request' and the
mdc-ssd has replied with the appropriate 'authentication reply'.
The mdc-ssd is awaiting either another 'authentication request'
or an indication of success or failure of our authentication.
AUTHENTICATED
You have successfully authenticated. You have access to the
network.
CONFIGURATION
The client will by default use hostname "localhost" and port 12345.
The mdc-ssd daemon will use the same port by default. Therefore the
client should work properly if executed from the same host as the
supplicant, with port 12345 unused. If it is necessary to change the host
or port, do the following:
1. Invoke the client, using the host and port as parameters to the
mdc-ssc command, in the order [host] [port], separated by white space.
2. Set the mdc-ssd option "clientPort" to the desired port number.
This may be done either when invoking mdc-ssd from the command line, or
from an options file. For a discussion of options and options files,
see the mdc-ssd man page.
SECURITY
The client should be protected from unauthorized use, as it can disrupt
the supplicant remotely. Permissions should be set so that only the
supplicant's user or superuser has execute permission.
AUTHORS
Meetinghouse Data Communications (mtghouse.com): Jim Burns, Steve
Panish, Cetin Ensoy, Denis Bakin, Alex Romanyuk.
MDC_SSC(8)
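Added example (not part of the original post or of the mdc-ssd distribution): a shell audit for the two exposures the mdc-ssc page names, namely execute permission on the client binary (SECURITY) and the control port, default 12345 (CONFIGURATION). It assumes GNU `stat` and iproute2 `ss`, and that the control port is TCP, which the man page does not state; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumptions: GNU stat, iproute2 ss, TCP control port.

# exec_exposure FILE SUPPLICANT_USER
# Prints one finding per line and returns 1 if anyone other than the
# supplicant's user or root could execute FILE (the SECURITY section's rule).
exec_exposure() {
    info=$(stat -c '%a %U' "$1") || return 2
    mode=${info% *}; owner=${info#* }; rc=0
    other=$(( mode % 10 )); group=$(( mode / 10 % 10 ))   # octal digits
    if [ "$owner" != "$2" ] && [ "$owner" != root ]; then
        echo "owner is $owner, expected $2 or root"; rc=1
    fi
    # An odd permission digit means the execute bit is set.
    [ $(( group % 2 )) -eq 0 ] || { echo "group has execute (mode $mode)"; rc=1; }
    [ $(( other % 2 )) -eq 0 ] || { echo "others have execute (mode $mode)"; rc=1; }
    return $rc
}

# exposed_listeners PORT   (reads `ss -H -ltn` lines on stdin)
# Prints every local address listening on PORT that is not loopback, i.e.
# a control port that an mdc-ssc on another host could reach.
exposed_listeners() {
    awk -v port="$1" '{
        addr = $4; p = addr
        sub(/.*:/, "", p)            # text after the last colon is the port
        sub(/:[^:]*$/, "", addr)     # what precedes it is the bind address
        if (p == port && addr !~ /^127\./ && addr != "[::1]") print addr
    }'
}

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 5   127.0.0.1:12345 0.0.0.0:*
LISTEN 0 5   0.0.0.0:12345   0.0.0.0:*
LISTEN 0 128 0.0.0.0:22      0.0.0.0:*
LISTEN 0 5   [::1]:12345     [::]:*'
printf '%s\n' "$SAMPLE_SS" | exposed_listeners 12345   # prints 0.0.0.0

# On a live host (client path and user name are site-specific):
#   exec_exposure "$(command -v mdc-ssc)" <supplicant-user>
#   ss -H -ltn | exposed_listeners 12345
```

If `clientPort` has been changed from the default, pass that value to `exposed_listeners` instead of 12345.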