PGP is a well known encryption and authentication program.
For more details see the web site http://www.pgp.net or
the ftp site ftp://ftp.pgp.net.
LPRng has greatly simplified
the use of PGP for authentication by building in support as
follows.
The user and group configuration entries (defaults daemon and daemon respectively) specify the user and
group id used by the lpd
server for file and program execution. PGP uses the
current user id of the PGP process to determine the
locations of various configuration files and information.
In this discussion we will assume that lpd runs as uid daemon.
By default, the PGP program expects the public and
secret key rings to be in the $HOME/.pgp/ directory and to be readable only
by the user. In order to set up PGP authentication, make
sure that the daemon account has
a home directory. Then use the su
daemon command to change the effective UID to daemon and
run the pgp -kg (generate key)
command as daemon. The daemon
user should not have a password.
Each PGP key has an associated identifier. It is
recommended that the lpd key
be lpr@hostname, where hostname
is the fully qualified domain name of the server. A
public and a private key file will be created.
Next, place the passphrase for the daemon user in ~daemon/.pgp/serverkey, and make sure it
has owner daemon and 600 permissions (read/write only by daemon). This is extremely
important. If other users can read this file then
security will be severely compromised.
Next, distribute the lpr@hostname public key to all users of
the LPRng server. This is
usually done by placing the public key in a well known
file location or making it available to users by some
form of Public Key Distribution system (PKD). The key can
be extracted and put into a text file using the following
commands:
pgp -kxa userid destfile keyfile
Example:
> pgp -kxa lpr@astart /tmp/lprkey ~daemon/.pgp/pubring.pgp
Key for user ID: lpr@astart
512-bit key, key ID BB261B89, created 1999/01/01
Transport armor file: /tmp/lprkey.asc
Key extracted to file '/tmp/lprkey.asc'.
To allow a user to send files to the server, their
public key must be put into the daemon public key ring. This can be done
using:
pgp -ka /tmp/lprkey.asc
Finally, the administrator will need to add users'
public keys to the daemon user's
public key ring. This can most easily be done by copying
all the keys (in ASCII text form) to a single file (/tmp/keyfile) and using:
su daemon
pgp -ka /tmp/keyfile ~daemon/.pgp/pubring.pgp
If the lpd server is using
PGP to forward jobs or requests, the destination server's
public key must be put in the originating server's public
keyring. For example:
su daemon
pgp -ka /tmp/lpd.keyfile ~daemon/.pgp/pubring.pgp
The pgp_path value is the path
to the PGP program. The program must be executable by all
users.
The pgp_id value is the id used
by PGP to extract keys from key rings. When doing a
client to server transfer this will be supplied as the id
to be used for the destination, and the user's public
keyring will be checked for a key corresponding to this id.
When a request arrives at the server, the server will use
this value as the id of a key in its private key ring.
Finally, when a server is forwarding a request to a remote
server, it will use this value as the id of the key in its
private key ring to be used to sign or encode the
destination information.
The pgp_forward_id value is
used by the lpd server as the id
to use to find a key for the destination.
The pgp_server_key is the path
to the file containing the server passphrase. This file
will be read by lpd to get the
passphrase to unlock the server's keyring.
PGPPASSFD=File descriptor to read PGP passphrase from
PGPPASS=PGP passphrase
One problem with using PGP is the need to have users
input their passphrases. The following methods can be
used.
Put the passphrase in a file, say $(HOME)/.pgp/.hidden, and set the PGPPASSFILE environment variable
to the file name. This file will be opened and read by
PGP to get the passphrase. This file should be owned by
the user and have 0600 (read/write only by
user) permissions.
A more subtle solution is to use the PGPPASSFD environment variable
facility. This causes PGP to read the passphrase from a
file descriptor. If the user puts his passphrase in a
file, say $(HOME)/.pgp/.hidden, then the
following shell script can be used:
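An added example of the PGPPASSFD method (not the script from the original LPRng documentation): it checks that the passphrase file is a regular file owned by the caller with 0600 or 0400 permissions, then runs the wrapped command with the file open on descriptor 3. The function names check_passfile and run_with_passfd are invented for this example, and it assumes the wrapped client (for example lpr) leaves the descriptor and PGPPASSFD in place for PGP.

```shell
#!/bin/sh
# Added example: hand a passphrase file to PGP through PGPPASSFD.
# Assumptions: the passphrase file is $HOME/.pgp/.hidden (the page's example
# path); check_passfile and run_with_passfd are names made up for this sketch.

# Succeed only if the file is a regular file (not a symlink), owned by the
# invoking user, with no group/other permission bits (mode 0600 or 0400).
check_passfile() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "passfile: $f is not a regular file" >&2
        return 1
    fi
    # ls -ln prints the mode string in field 1 and the numeric owner in field 3.
    set -- $(ls -lnd -- "$f")
    case $1 in
        -rw-------|-rw-------.|-r--------|-r--------.) ;;
        *) echo "passfile: $f has mode $1, want 0600" >&2; return 1 ;;
    esac
    if [ "$3" != "$(id -u)" ]; then
        echo "passfile: $f is not owned by uid $(id -u)" >&2
        return 1
    fi
    return 0
}

# Run "$@" with fd 3 open on the passphrase file and PGPPASSFD=3.
# The passphrase never appears in argv or the environment, and any
# PGPPASS inherited from the caller is dropped before the exec.
run_with_passfd() {
    passfile=$1
    shift
    check_passfile "$passfile" || return 1
    (
        unset PGPPASS
        PGPPASSFD=3
        export PGPPASSFD
        exec "$@" 3<"$passfile"
    )
}

# Used as a wrapper script: sh pgpfd.sh lpr -Pprinter file
if [ "$#" -gt 0 ]; then
    run_with_passfd "$HOME/.pgp/.hidden" "$@"
    exit $?
fi
```

A passphrase file that is group- or world-readable, a symlink, or owned by another user is rejected before the command is started.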
The least desirable method is to put the passphrase
in the PGPPASS environment
variable. Since the ps command
can be used to list the environment variables of
processes, this is highly undesirable and should not be
used under any circumstances.