> Michael & Lisa Lynch wrote:
> I was able to get around this by adding "noauth" to the pppd-options line of
> the diald config file I use when starting up diald.  Is this an appropriate
> workaround?  Am I compromising security somehow? I haven't needed to set up
> a secrets file for straight pppd before.

This is the preferred method.  The ppp authors recommend that the default
[auth] be left in place and noauth be added for each connection that
requires it.

Base rule-of-thumb for authorization.  The machine that does the calling
must authorize to the machine being called.  The machine being called does
not authorize to the calling machine.

When you call another machine (ISP for example) noauth should be specified.
If there is any chance at all that anyone can call into your machine then
the auth default should remain set in the main ppp options file.  If your
machine is only used for dial-out (modem or whatever connection device does
not answer) then placing noauth in the main ppp options file is acceptable.
Note: rpm upgrades of ppp tend to overwrite the /etc/ppp/options file.

ppp [2.3.9+] changed the behavior when there is already an existing default
route set up.  [This was intended to close security holes for machines with
both dial-in and dial-out access.]  Since Diald sets up a default route to
its 'listening' device you will see this problem even though you can often
connect with no difficulty using pppd directly.

HTH,

Lourdes
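
Added example, not part of the original message: a small shell audit for the layout described above, checking that the main ppp options file does not carry "noauth" while the diald pppd-options line does. The function names and the sample files are constructed for illustration; on a real system pass /etc/ppp/options and your own diald config file to audit().

```shell
#!/bin/sh
# Added example: audit where "noauth" is set.
# The sample files at the bottom are constructed for the demonstration.

# Print the uncommented words of a pppd-style options file, one per line.
option_words() {
    sed 's/#.*//' "$1" | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Succeed if the main options file contains an uncommented "noauth".
global_noauth() {
    option_words "$1" | grep -qx 'noauth'
}

# Succeed if a diald config passes "noauth" on a pppd-options line.
diald_noauth() {
    sed 's/#.*//' "$1" | grep -E '^[[:space:]]*pppd-options[[:space:]]' |
        tr -s ' \t' '\n\n' | grep -qx 'noauth'
}

# Report the state of one main options file plus one diald config.
audit() {
    if global_noauth "$1"; then
        echo "WARN: $1 disables auth for every pppd session"
    else
        echo "ok: $1 leaves the auth default in place"
    fi
    if diald_noauth "$2"; then
        echo "ok: $2 sets noauth for the dial-out link only"
    else
        echo "note: $2 has no noauth on its pppd-options line"
    fi
}

# Constructed sample files (stand-ins for /etc/ppp/options and a diald config).
demo=$(mktemp -d)
printf 'lock\nauth   # noauth only on a dial-out-only box\n' > "$demo/options"
printf 'lock\nnoauth\n' > "$demo/options.bad"
printf 'device /dev/ttyS1\npppd-options noauth\n' > "$demo/diald.conf"

audit "$demo/options" "$demo/diald.conf"
audit "$demo/options.bad" "$demo/diald.conf"
```

Since package upgrades can overwrite the main options file, the check is worth rerunning after each ppp upgrade.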

