version 1.3, 2003/12/10 23:22:52 |
version 1.4, 2004/09/18 11:40:16 |
|
|
% $OpenXM: OpenXM/doc/OpenXM-specs/OX-RFC-103.oxw,v 1.2 2003/12/10 08:57:25 takayama Exp $ |
% $OpenXM: OpenXM/doc/OpenXM-specs/OX-RFC-103.oxw,v 1.3 2003/12/10 23:22:52 takayama Exp $ |
%% OXWEAVE=${OpenXM_HOME}/bin/oxweave --recursive --plain |
%% OXWEAVE=${OpenXM_HOME}/bin/oxweave --recursive --plain |
%% ${OXWEAVE} C ja <oxshell.oxw >>oxshell-ja.tex |
%% ${OXWEAVE} C ja <oxshell.oxw >>oxshell-ja.tex |
//&ja \documentclass{jarticle} |
//&ja \documentclass{jarticle} |
|
|
//&ja \title{OpenXM RFC 103 draft (RFC 100 $BDI2C(B)} |
//&ja \title{OpenXM RFC 103 draft (RFC 100 $BDI2C(B)} |
//&en \title{OpenXM RFC 103 draft (RFC 100 supplement} |
//&en \title{OpenXM RFC 103 draft (RFC 100 supplement} |
//&C \author{OpenXM Committers} |
//&C \author{OpenXM Committers} |
//&C \date{December 9, 2004} |
//&C \date{December 9, 2003, September 18, 2004} |
//&C \newtheorem{example}{Example} |
//&C \newtheorem{example}{Example} |
\usepackage{html} |
\usepackage{html} |
|
|
Line 104 which is the flag of hiding the debug window of an ox |
|
Line 104 which is the flag of hiding the debug window of an ox |
|
/*&ja |
/*&ja |
$B%P%$%H%*!<%@!<$r7h$a$k$?$a$N>pJs8r49(B (OX-RFC 100 $B;2>H(B) $B$NA0$K(B |
$B%P%$%H%*!<%@!<$r7h$a$k$?$a$N>pJs8r49(B (OX-RFC 100 $B;2>H(B) $B$NA0$K(B |
$B%(%s%8%sG'>Z<jB3$-$r$*$3$J$&(B. |
$B%(%s%8%sG'>Z<jB3$-$r$*$3$J$&(B. |
$BG'>Z%W%m%H%3%k$K$D$$$F$OJLESDj$a$k(B. |
|
|
$BG'>Z%W%m%H%3%k$K$O2<$N?^$N(B step 1, step 2, step 3 $B$G$"$k(B. |
|
|
|
\begin{verbatim} |
|
|
|
client server |
|
|
|
---------------- step 1 -----------------------> |
|
ssh $B$K$h$k(B server $B$X$N(B login. |
|
controle server, engine server $B$H$N@\B3$r3NN)$9$k$?$a$N(B |
|
$B%]!<%HHV9f$*$h$S(B -control= ... , -data=... |
|
$BG'>ZJ}K!$*$h$S(B -authtype=NONE | <<oneTimePassword>> |
|
$BG'>Z%Q%9%o!<%I(B -passControl=... , -passData=... |
|
$B$bAw?.$5$l$k(B. |
|
$BG'>Z%Q%9%o!<%I$N0E9f(B -authEncoding=<<NONE>> | file | RSA |
|
$B2=J}K!$N;XDj(B. |
|
<< >> $B$O(B src/kxx/ox $B$NI8=`CM(B |
|
|
|
|
|
<---------------- step 2 --------------------------> |
|
-reverse $B$N>l9g$O(B <--- $B$N8~$-$K(B TCP/IP $B@\B3$,3NN)$5$l$k(B. |
|
$B$=$&$G$J$$$H$-$O(B ---> $B$N8~$-$K(B TCP/IP $B@\B3$,3NN)$5$l$k(B. |
|
|
|
<---------------- step 3 --------------------------> |
|
-authtype=oneTimePassword $B$N;~(B. |
|
connect $B$7$?B&$,(B accept $B$7$?B&$X(B oneTimePassword $B$rAw$k(B. |
|
$BKvHx$N(B 0 $B$rAw?.$9$k(B. |
|
|
|
$B0J2<(B launcher $B$N;E;v$O=*N;$7$F(B, engine $B$H(B control $B$K@)8f$,0\$k(B. |
|
<---------------- step 4 --------------------------> |
|
engine $B$N(B byte order $B$r@_Dj(B. |
|
|
|
<----------------------------------------------------> |
|
OpenXM $B$N%Q%1%C%H8r49(B |
|
|
|
\end{verbatim} |
*/ |
*/ |
|
|
|
/*&ja |
|
|
|
\begin{verbatim} |
|
|
|
authtype $B$O(B NONE $B$+(B oneTimePassword $B$G$"$k(B. |
|
oneTimePassword $B$O1Q?t;z$G9=@.$5$l$?Ns$G$"$k(B. |
|
oneTimePassword $B$O>o$K%/%i%$%"%s%H$G@8@.$5$l$F(B, $B$J$s$i$+$NJ}K!$G%5!<%P$K(B |
|
$BG[Aw$5$l$k(B. connect $BB&$,(B oneTimePassword $B$rJ?J8$G(B accept $BB&$KAw?.$7$F(B |
|
$BG'>Z$,=*N;$9$k(B. |
|
|
|
authEncoding $B$G(B oneTimePassword $B$NG[AwJ}K!$r5,Dj$9$k(B. |
|
authEncoding $B$O(B NONE $B$+(B file $B$+(B RSA $B$G$"$k(B. |
|
|
|
authEncoding=NONE $B$,A*Br$5$l$?>l9g(B oneTimePassword $B$NG[Aw$KFCJL$JJ}K!$rMxMQ(B |
|
$B$7$J$$(B. |
|
NONE $B$rA*Br$7$?>l9g(B, $B8=:_$N(B ox launcher $B$N<BAu$G$O$?$H$($P(B -passControl |
|
$B$N$"$H$K(B oneTimePassword $B$,@8$N7A$G8=$l$k$3$H$H$J$k(B. |
|
Unix $B$N>l9g$3$l$O(B command $B$N0z?t$G$"$j(B client $B$H(B server $B$NDL?.O)$,(B |
|
ssh $BEy$G0E9f2=$5$l$F$$$?$H$9$k$H%M%C%H%o!<%/%f!<%6$OGA$-$_$k$3$H$O$G$-$J$$$,(B, |
|
$BF10l5!$N%f!<%6$O8+$k$3$H$,2DG=$G$"$k(B. |
|
$B$7$?$,$C$F(B NONE $B$NA*Br$,2DG=$G$"$k$N$O(B client $B$*$h$S(B server $B$,==J,?.Mj(B |
|
$B$G$-$k$H$-$K8B$k(B. |
|
|
|
\end{verbatim} |
|
*/ |
|
|
|
/*&ja |
|
|
|
authEncoding=file $B$N>l9g(B. |
|
|
|
\begin{verbatim} |
|
authEncoding=file $B$rA*Br$7$?>l9g$O(B oneTimePassword $B$OJL$KMQ0U$5$l$?0BA4$J(B |
|
$BDL?.7PO)(B($B$?$H$($P(B scp) $B$rMQ$$$F(B file $B$H$7$FG[Aw$5$l$k(B. |
|
oneTimePassword $B$,3JG<$5$l$?(B file $BL>$r(B -passControl, -passData $B0z?t$GEO$9(B. |
|
file $BL>$O(B $HOME/.openxm/tmp.otp/ $B$+$i$NAjBP%Q%9L>$G$"$k(B. |
|
$B%Q%9$N6h@Z$jJ8;z$O(B windows $B$G$b(B / $B$rMQ$$$k(B. |
|
$B%/%i%$%"%s%H$O<!$N5,B'$G%U%!%$%kL>$r@8@.$9$k(B. |
|
$B%U%!%$%kL>$K$O1Q?t;z$H(B . - _ $B$NMxMQ$7$+$f$k$5$l$J$$(B. $B%U%!%$%kL>$O<!$N7A<0(B |
|
$B$G$"$k(B. |
|
|
|
clientname-servernameUidPidSerial-time.pass |
|
|
|
$B$3$3$G(B time $B$O(B time(2) $B$NLa$jCM$r?t;zJ8;zNs$KJQ49$7$?7A<0$G$"$k(B. |
|
oneTimePassword $B$N@8@.;~9o$r@Z$j>e$2$F(B 10 $BJ,Kh$N@5;~$KJQ49$7$?$b$N$H$9$k(B. |
|
servernameUidPidSerial $B$O(B client $B$,(B oneTimePassword $B$r@8@.$7$F$+$i(B |
|
10 $BJ,4V(B, $B%/%i%$%"%s%H%7%9%F%`$G9b$$3NN($G0l0UE*$G$"$k$3$H$,J]>Z$5$l$F$$$k(B |
|
$BJ8;zNs$J$i$J$s$G$b$h$$(B. |
|
|
|
$BNc(B |
|
client server |
|
|
|
oneTimePassword 1342546 $B$r3JG<$7$?%U%!%$%k(B |
|
yama.openxm.org-00001-2312123123.pass $B$r@8@.(B |
|
|
|
oneTimePassword 89123888 $B$r3JG<$7$?%U%!%$%k(B |
|
yama.openxm.org-00002-2312123124.pass $B$r@8@.(B |
|
-----------------------------------------------------> |
|
$B>e$NFs$D$N%U%!%$%k$r0BA4$JDL?.O)$rMQ$$$FG[Aw$9$k(B. |
|
($B$?$H$($P(B scp ) |
|
|
|
-----------------------------------------------------> |
|
ox -authtype oneTimePassword |
|
-authEncoding file |
|
-passControl yama.openxm.org-00001-2312123123.pass |
|
-passData yama.openxm.org-00002-2312123124.pass |
|
|
|
|
|
<---------------- step 2 --------------------------> |
|
-reverse $B$N>l9g$O(B <--- $B$N8~$-$K(B TCP/IP $B@\B3$,3NN)$5$l$k(B. |
|
$B$=$&$G$J$$$H$-$O(B ---> $B$N8~$-$K(B TCP/IP $B@\B3$,3NN)$5$l$k(B. |
|
|
|
<---------------- step 3 --------------------------> |
|
connect $B$7$?B&$,(B accept $B$7$?B&$X(B oneTimePassword $B$rJ?J8$G$*$/$k(B. |
|
|
|
|
|
|
|
oneTimePassword 1342546 $B$r3JG<$7$?%U%!%$%k(B |
|
yama.openxm.org-00001-2312123123.pass $B$r(B server $B$K@8@.$9$k$?$a$K(B |
|
$B$?$H$($P(B sendStringAsAfile(char *servername, char *serveruser, |
|
char *filename, char *otp); |
|
$B$N$h$&$J(B API $B$rMQ0U$7$F$*$/$H$h$$$G$"$m$&(B. |
|
|
|
|
|
\end{verbatim} |
|
|
|
*/ |
|
|
|
/*&ja |
|
|
|
authEncoding=RSA $B$N>l9g(B. |
|
|
|
\begin{verbatim} |
|
RSA $B$NHkL)80(B, $B8x3+80$r3JG<$9$k%U%!%$%kL>$O0J2<$N$H$*$j(B. |
|
$HOME/.openxm/rsa/ox103-rsa0-identity ($BHkL)80$r$J$i$Y$?$b$N(B) |
|
$HOME/.openxm/rsa/ox103-rsa0-identity.pub ($B8x3+80(B: $B$3$N7A<0$G$OMxMQ$5$l$:(B) |
|
$HOME/.openxm/rsa/ox103-rsa0-authorizedkeys ($B8x3+80$r$J$i$Y$?$b$N(B) |
|
|
|
$B80%U%!%$%k$O<!$N%G!<%?$r6uGr$G6h@Z$C$FJB$Y$?$b$N$G$"$k(B. |
|
user$B<1JL;R(B $B80(B($B#1#0?J?t;zNs(B) RSA$B%U%)!<%^%C%H<1JL;R(B(optional) |
|
$B%3%a%s%H9T$O(B # $B$G;O$^$k(B. |
|
|
|
$B%U%)!<%^%C%H<1JL;R$,(B 0 $B$N>l9g$O(B |
|
x --> x^65537 $B$rMQ$$(B, 128 byte (1024 bit) $B$E$D%G!<%?$r6h@Z$C$F=hM}$9$k(B |
|
RSA $B$rMQ$$$k(B. 0 $B$O<B83MQ$G$"$k(B. |
|
|
|
Todo: $B80$N3JG<J}K!(B, $B%G!<%?6h@Z$j$NJ}K!$J$I2DG=$J8B$j(B |
|
RFC3447 $B$K=`5r$9$k$h$&$KJQ99$;$h(B. $B=`5r$,40N;$7$?$i(B -rsa0- $B$r(B |
|
-rsa- $B$HJQ99$9$k(B. |
|
|
|
$BNc(B: |
|
|
|
client $BB&(B |
|
|
|
ox103-rsa0-identity |
|
# client $BB&$,;H$&HkL)80(B |
|
takayama@client.math.kobe-u.ac.jp 1234523.... |
|
|
|
|
|
ox103-rsa0-authorizedkeys |
|
@ server $BB&$,;H$&HkL)80$KBP1~$9$k8x3+80(B |
|
takayama@server.math.kobe-u.ac.jp 8989898.... |
|
|
|
server $BB&(B |
|
ox103-rsa0-identity |
|
# server $BB&$,;H$&HkL)80(B |
|
takayama@server.math.kobe-u.ac.jp 8781234.... |
|
|
|
ox103-rsa0-authorizedkeys |
|
@ client $BB&$,;H$&HkL)80$KBP1~$9$k8x3+80(B |
|
takayama@client.math.kobe-u.ac.jp 89891.... |
|
|
|
authEncoding=RSA $B$rMxMQ$9$k>l9g$O$3$l$i$N80$rE,@Z$K(B .openxm/rsa $B$N2<$K(B |
|
$BCV$+$J$$$H$$$1$J$$(B. .openxm/rsa $B$N(B permission $B$O(B rwx------ $B$G$"$k$3$H(B. |
|
|
|
$BCm0U(B: $BHkL)80$r@8$G3JG<$7$J$$>l9g%U%!%$%kL>$r(B ox103-rsa2-* $BEy$HJQ99$9$k(B |
|
$BM=Dj(B. RSA encoding $BJ}K!$O?t;z$NBg$-$$$b$N$+$i=gHV$K%5!<%A$7$F$$$/$b$N$H$9$k(B. |
|
|
|
authEncoding=RSA $B$N>l9g(B -passData $B$*$h$S(B -passControl $B$O(B |
|
oneTimePassword ($BJ8;zNs(B) $B$r(B bit data $B$H$_$F(B rsa $B$G0E9f2=$7$?$b$N$r(B |
|
URL encoding $B$7$?7A$GAw$k(B. |
|
|
|
oneTimePassword $B$N<~4|$O==J,Bg$-$/$J$$$H$$$1$J$$(B. |
|
$B0lG/$O(B 31536000 $BIC$G$"$k(B. 100 $BG/$O(B 3153600000 $BIC(B (10 $B7e(B) $B$G$"$k(B. |
|
oneTimePassword $B$O?t;z$N>l9g(B 10 $B7e0J>e$G$"$k$3$H$,K>$^$7$$(B. |
|
|
|
\end{verbatim} |
|
*/ |
|
|
//&ja \section{$B9W8%<T(B} |
//&ja \section{$B9W8%<T(B} |
//&en \section{Contributors} |
//&en \section{Contributors} |
|
|
Line 120 which is the flag of hiding the debug window of an ox |
|
Line 303 which is the flag of hiding the debug window of an ox |
|
/*&ja |
/*&ja |
$B9TNs(B, $B%Y%/%H%k$N(B CMO $B$O(B NTL $B$N%5!<%P2=$r%F%9%H%1!<%9$H$7$F(B |
$B9TNs(B, $B%Y%/%H%k$N(B CMO $B$O(B NTL $B$N%5!<%P2=$r%F%9%H%1!<%9$H$7$F(B |
$B4d:,$,@_7W(B, $B<BAu(B, $BI>2A$r9T$C$?(B. |
$B4d:,$,@_7W(B, $B<BAu(B, $BI>2A$r9T$C$?(B. |
|
RSA $B$N%-!<@8@.$N(B OpenXM $B$X$N<BAu$O4d:,$,$*$3$J$C$?(B. |
*/ |
*/ |
|
|
\end{document} |
\end{document} |
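Review bot: The authEncoding=file block leaves the server-side handling of the `-passControl`/`-passData` file name unspecified. As far as the ISO-2022-JP text can be read, the name is a path relative to `$HOME/.openxm/tmp.otp/` with `/` as separator and only alphanumerics plus `. - _` allowed, and that character rule is stated as something the client follows when it generates the name. A `..` component satisfies that rule, so the check should be a server obligation, for example `The server MUST reject a name with a "." or ".." component or one that resolves outside $HOME/.openxm/tmp.otp/.` The same block also sets no permission for `tmp.otp`, while the RSA block requires `rwx------` on `.openxm/rsa`; I would add `tmp.otp MUST be rwx------, and the server removes the .pass file after its first read.` so the one-time password is neither readable by other local users nor reusable.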