On Tue, 29 Dec 1998, Nick Phillips wrote:
> Scott Dudley wrote:
> >
> > I've got mgetty/pppd running on a Linux PC. I want to create an account on
> > the box but for ppp authentication only, no shell. What's the best way to
> > do so? In the past, I've simply specified /dev/null as shell for lack of
> > knowledge of a better way. This box is likewise connected to a LAN. I'd
> > prefer not to afford them access to same. Is it enough to disable IP
> > forwarding?
>
> Best not to create the account, if at all possible. Is there any reason
> why you can't just use PAP authentication? If you use PAP, all the
> information needed to authenticate is stored in /etc/ppp/pap-secrets,
> and pppd pays no attention whatsoever to /etc/passwd and the accounts
> that are set up on the system.
Can you use PAP authentication if you don't have a login? I guess
you can, by running pppd directly on the port, in place of a getty,
but do you really do that? Am I missing something?
Maybe (in fact, clearly, since he is affronted by my reply) I have
misunderstood the question. But I should have thought the user
needed a login, and has not got one already, other than the one with
the /dev/null shell.
I wonder how the user has been starting pppd up until now. If he is
using AutoPPP he must be looking at /etc/passwd. Incidentally,
/dev/null is not a program. It might be better to use something
like /bin/true for a non-functioning account.
I can see no way to avoid creating an account (but I'm open to
instruction).
ppp:x:1002:1002:ppp:/home/ppp:/usr/sbin/pppd
is what I do, for all users who have dynamic addresses, i.e. they
all share the same login. There is no password -- the 'x' is put
there by shadow. I use CHAP authentication. Unless I do something
extra they don't have an account or a shell.
Of course you can use a script instead of running pppd directly,
e.g. if you want to check that the user's subscription has not run
out or she has not used up all her time.
--
Michael Talbot-Wilson ------------------- [EMAIL PROTECTED]
"Many good morrows to my noble lord!" - Catesby greeting Hastings
(Richard III, Act III, Scene II).
... How do you pronounce W'ows, "Win" or "Woes"?
-
To unsubscribe from this list: send the line "unsubscribe linux-ppp" in
the body of a message to [EMAIL PROTECTED]
