On Wed, 30 Dec 1998, Michael Talbot-Wilson wrote:
> Can you use PAP authentication if you don't have a login? I guess
> you can, by running pppd directly on the port, in place of a getty,
> but do you really do that? Am I missing something?
>
...
> I wonder how the user has been starting pppd up until now. If he is
> using AutoPPP he must be looking at /etc/passwd. Incidentally,
> /dev/null is not a program. It might be better to use something
> like /bin/true for a non-functioning account.
The only requirement for PAP and CHAP logins is an entry in the secrets
file; no user login account is required (though you would need a dummy
account with a pppd shell if you didn't use AutoPPP). PPP authentication
does not use the password file unless the 'login' option is specified.
This is really handy if all users have both shell and PPP privileges.
> ppp:x:1002:1002:ppp:/home/ppp:/usr/sbin/pppd
>
> is what I do, for all users who have dynamic addresses, i.e. they
> all share the same login. There is no password -- the 'x' is put
> there by shadow. I use CHAP authentication. Unless I do something
> extra they don't have an account or a shell.
>
> Of course you can use a script instead of running pppd directly,
> e.g. if you want to check that the user's subscription has not run
> out or she has not used up all her time.
This is what I did before AutoPPP. If it works for you, great! However,
I note that the PPP FAQ (9.2) says that you should not execute
/usr/sbin/pppd directly, but execute a shell script that exec's pppd
instead to ensure that it receives the SIGHUP signal properly.
Geof
DISCLAIMER: The comments above are my own and may not represent the views
of my employer.
+-------------------------------+-------------------------------------------+
: Geoffrey P. Goodrum : US Department of Commerce :
: +1-301-457-5100 : NOAA/NESDIS National Climatic Data Center :
: [EMAIL PROTECTED]: Satellite Services Branch :
+-------------------------------+-------------------------------------------+
-
To unsubscribe from this list: send the line "unsubscribe linux-ppp" in
the body of a message to [EMAIL PROTECTED]
