<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
  <head>
    <meta name="generator" content="HTML Tidy, see www.w3.org">
    <title>Using MD5 for Authentication</title>
    <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7">
    <link rel="HOME" title=" LPRng Reference Manual" href="index.htm">
    <link rel="UP" title="Permissions and Authentication " href="permsref.htm">
    <link rel="PREVIOUS" title="Using SSL for Authentication" href="x9412.htm">
    <link rel="NEXT" title="Adding Authentication Support" href="x9556.htm">
  </head>

  <body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084" alink="#0000FF">
    <div class="NAVHEADER">
      <table summary="Header navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
        <tr>
          <th colspan="3" align="center">LPRng Reference Manual: 5
          Sep 2003 (For LPRng-3.8.22)</th>
        </tr>

        <tr>
          <td width="10%" align="left" valign="bottom"><a href="x9412.htm" accesskey="P">Prev</a></td>

          <td width="80%" align="center" valign="bottom">Chapter
          17. Permissions and Authentication</td>

          <td width="10%" align="right" valign="bottom"><a href="x9556.htm" accesskey="N">Next</a></td>
        </tr>
      </table>
      <hr align="LEFT" width="100%">
    </div>

    <div class="SECT1">
      <h1 class="SECT1"><a name="AEN9489">17.16. Using MD5 for
      Authentication</a></h1>

      <p><b class="APPLICATION">LPRng</b> has built-in support for
      using MD5 digests as an authentication method. The
      implementation is provided as an example of how to add user
      level authentication into the <b class="APPLICATION">LPRng</b> system.</p>

      <p>The method used to do authentication is very simple. Each
      user has a file containing a set of keys that are used to
      salt an md5 hash.
      The information being transferred has its
      md5 checksum calculated using this salt, and is then
      transferred to the destination, along with the md5 hash
      result. At the destination the server will get the user id,
      obtain the salt value from a key file, and then calculate the
      md5 hash value. If the two are in agreement, authentication
      is successful.</p>

      <p>The keyfile used for md5 authentication contains an id
      followed by a text string whose binary value is used as a
      hash key:</p>

      <div class="INFORMALEXAMPLE">
        <a name="AEN9496"></a>
<pre class="SCREEN">
    id1=key
    id2=key

    Example:

    lpr@h2=tadf79asd%^1asdf
    lpr@h1=fdfa%$^&^%$
</pre>
      </div>
      <br>
      <br>

      <div class="SECT2">
        <h2 class="SECT2"><a name="AEN9498">17.16.1. Printcap
        Entries</a></h2>

        <p>Options used:</p>

        <ul>
          <li>
            <p><var class="LITERAL">auth=md5</var> <span class="emphasis"><i class="EMPHASIS">use MD5
            authentication</i></span></p>
          </li>

          <li>
            <p><var class="LITERAL">auth_forward=md5</var> <span class="emphasis"><i class="EMPHASIS">forward using MD5
            authentication</i></span></p>
          </li>

          <li>
            <p><var class="LITERAL">md5_id=</var> <span class="emphasis"><i class="EMPHASIS">id for
            server</i></span></p>
          </li>

          <li>
            <p><var class="LITERAL">md5_forward_id=</var> <span class="emphasis"><i class="EMPHASIS">id for
            server</i></span></p>
          </li>

          <li>
            <p><var class="LITERAL">md5_server_keyfile=</var> <span class="emphasis"><i class="EMPHASIS">server
            keyfile</i></span></p>
          </li>
        </ul>
        <br>
        <br>

        <p>Example printcap entry:</p>

        <div class="INFORMALEXAMPLE">
          <a name="AEN9523"></a>
<pre class="SCREEN">
    pr:
      :lp=pr@wayoff
      :auth=md5
      :md5_id=lpr@wayoff.com
    pr:server
      :auth_forward=md5
      :md5_id=lpr@wayoff.com
      :md5_server_keyfile
      :md5_forward_id=lpr@faroff.com
</pre>
        </div>
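        <p>The check described at the start of this section, run against a
        keyfile in the <var class="LITERAL">id=key</var> form, as an added
        example that is not code from LPRng or from the manual. The function
        names, the message layout and the key-before-data hashing order are
        assumptions made for illustration; the sample keyfile and job data are
        constructed.</p>

```python
import hashlib
import hmac

# Constructed server keyfile in the id=key form, reusing the page's sample keys.
SERVER_KEYFILE = """\
lpr@h2=tadf79asd%^1asdf
lpr@h1=fdfa%$^&^%$
"""

def parse_keyfile(text):
    """Parse id=key lines, splitting on the first '=' so keys may contain '='."""
    keys = {}
    for raw in text.splitlines():
        if not raw.strip():
            continue
        ident, sep, key = raw.partition("=")
        if not sep or not ident.strip() or not key.strip():
            raise ValueError("malformed keyfile line: %r" % raw)
        keys[ident.strip()] = key.strip().encode()
    return keys

def keyed_md5(key, data):
    # Assumption: the key bytes are hashed ahead of the data. The page does
    # not give the byte layout LPRng actually uses.
    return hashlib.md5(key + data).hexdigest()

def client_send(ident, key, data):
    """What the sender transfers: its id, the data, and the digest."""
    return {"id": ident, "data": data, "digest": keyed_md5(key, data)}

def server_verify(keys, msg):
    """Look up the key by the received id, recompute the digest, compare."""
    key = keys.get(msg["id"])
    if key is None:
        return False  # unknown id: no key to check against
    expected = keyed_md5(key, msg["data"])
    return hmac.compare_digest(expected, msg["digest"])  # constant-time compare

def demo():
    keys = parse_keyfile(SERVER_KEYFILE)
    good = client_send("lpr@h1", keys["lpr@h1"], b"constructed job data")
    tampered = dict(good, data=b"constructed job data, altered")
    wrong_key = client_send("lpr@h1", b"not-the-key", b"constructed job data")
    unknown_id = dict(good, id="lpr@h3")
    return [server_verify(keys, m) for m in (good, tampered, wrong_key, unknown_id)]

if __name__ == "__main__":
    print(demo())
```

        <p>Both sides hold the key in cleartext, so the server keyfile and
        each user key file should be readable only by their owner.</p>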
        <br>
        <br>

        <p>The <var class="LITERAL">md5_id</var> value is used by
        the client to obtain a hash key that is used to salt the
        md5 calculation for client to server transfers. The <var class="LITERAL">md5_forward_id</var> value is used by the
        server to obtain a hash key that is used to salt the md5
        calculation for server to server transfers.</p>

        <p>The <var class="LITERAL">md5_server_keyfile</var>
        contains the keys of users; the id sent as the connection
        information is used to obtain the key from the file.</p>

        <p>To set up md5 authentication, all that is needed is the
        following.</p>

        <ul>
          <li>
            <p>For each user generate a key and place it in the
            server keyfile. This file should have the form:</p>

            <div class="INFORMALEXAMPLE">
              <a name="AEN9534"></a>
<pre class="SCREEN">
    user1@host1=asdfasdfadf
    user2@host2=a8789087asddasdf
</pre>
            </div>
            <br>
            <br>
          </li>

          <li>
            <p>Assign a key to the server, and set its printcap
            entry to this key.</p>

            <div class="INFORMALEXAMPLE">
              <a name="AEN9538"></a>
<pre class="SCREEN">
    pr:
      :lp=pr@wayoff
      :auth=md5
      :md5_id=lpr@wayoff.com
</pre>
            </div>
            <br>
            <br>
          </li>

          <li>
            <p>For each user, create a user key file with the
            following format:</p>

            <div class="INFORMALEXAMPLE">
              <a name="AEN9542"></a>
<pre class="SCREEN">
    lpr@wayoff = user1@host1 asdfasdfadf
</pre>
            </div>
            The first entry corresponds to the <var class="LITERAL">md5_id</var> value in the printcap. The
            second field is the <acronym class="ACRONYM">AUTHUSER</acronym> value supplied to the
            server, which is used to look up the key in the
            server's key file.
            Finally, the last field is the salt
            value for the md5 calculation.<br>
            <br>
          </li>
        </ul>
        <br>
        <br>
      </div>

      <div class="SECT2">
        <h2 class="SECT2"><a name="AEN9546">17.16.2. User
        Environment Variables and Files</a></h2>

        <p>Options used:</p>

        <ul>
          <li>
            <p><var class="LITERAL">MD5KEYFILE=5</var> <span class="emphasis"><i class="EMPHASIS">location of user
            keyfile</i></span></p>
          </li>
        </ul>
        <br>
        <br>

        <p>The <var class="LITERAL">MD5KEYFILE</var> environment
        variable contains the path to the user keytab file.</p>
      </div>
    </div>

    <div class="NAVFOOTER">
      <hr align="LEFT" width="100%">

      <table summary="Footer navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
        <tr>
          <td width="33%" align="left" valign="top"><a href="x9412.htm" accesskey="P">Prev</a></td>

          <td width="34%" align="center" valign="top"><a href="index.htm" accesskey="H">Home</a></td>

          <td width="33%" align="right" valign="top"><a href="x9556.htm" accesskey="N">Next</a></td>
        </tr>

        <tr>
          <td width="33%" align="left" valign="top">Using SSL for
          Authentication</td>

          <td width="34%" align="center" valign="top"><a href="permsref.htm" accesskey="U">Up</a></td>

          <td width="33%" align="right" valign="top">Adding
          Authentication Support</td>
        </tr>
      </table>
    </div>
  </body>
</html>