NAME

       bwctld.keys - Bandwidth Control Daemon AES keyfile database

DESCRIPTION

       The  bwctld.keys  file  is  used  to hold the identity/AES keys pairs needed for bwctld to
       authenticate users. The format of this file is described in the aespasswd(1) manual  page.
       The  location  of  this file is controlled by the -c option to bwctld but it must be named
       bwctld.keys.

       bwctld uses symmetric AES keys for authentication. Therefore, the bwctl client  will  have
       to  have  access to the exact same AES key for authentication by AES to work. Most likely,
       the user will simply know the passphrase that generated the AES key in  the  first  place.
       Additionally, it is important that the system administrator and end user ensure the key is
       not compromised.

       If the bwctl client is able to authenticate using the  identity  and  AES  key  presented,
       bwctld  will use the directives found in the bwctld.limits file to map policy restrictions
       to this connection.

SECURITY CONSIDERATIONS

       The keys in the bwctld.keys file are not encrypted in any way. The security of these  keys
       is  completely  dependent upon the security of the system and the discretion of the system
       administrator.

RESTRICTIONS

       Identity names are restricted to 16 characters.

SEE ALSO

       aespasswd(1), bwctl(1), bwctld(8), bwctld.limits(5), and  the  http://software/bwctl/  web
       site.

ACKNOWLEDGMENTS

       This  material is based in part on work supported by the National Science Foundation (NSF)
       under Grant No. ANI-0314723. Any opinions, findings, and  conclusions  or  recommendations
       expressed  in  this material are those of the author(s) and do not necessarily reflect the
       views of the NSF.

                                              $Date$                               bwctld.keys(5)