Michael Talbot-Wilson wrote:

> Can you use PAP authentication if you don't have a login? I guess
> you can, by running pppd directly on the port, in place of a getty,
> but do you really do that? Am I missing something?

That's why AutoPPP is useful.

> Maybe (in fact, clearly, since he is affronted by my reply) I have
> misunderstood the question. But I should have thought the user
> needed a login, and has not got one already, other than the one with
> the /dev/null shell.

Never give someone a login if they don't need it; give an inch and some
people will always look for ways of taking a mile.

> I wonder how the user has been starting pppd up until now. If he is
> using AutoPPP he must be looking at /etc/passwd.

Errr, why?

> I can see no way to avoid creating an account (but I'm open to
> instruction).

Use AutoPPP, like this:

    /AutoPPP/ - a_ppp /usr/sbin/pppd call dialin

/etc/ppp/peers/dialin contains the ppp options needed for a dialin
connection, and pppd handles all the authentication. If you tell it to
use /etc/passwd, it can, but if you tell it to use PAP, it'll use just
/etc/ppp/pap-secrets.

Use /etc/ppp/options for options common to all (or most of) the PPP
connections you will use, and then the individual per-connection files
in /etc/ppp/peers (specified as above) for the rest.

> ppp:x:1002:1002:ppp:/home/ppp:/usr/sbin/pppd
>
> is what I do, for all users who have dynamic addresses, i.e. they
> all share the same login. There is no password -- the 'x' is put
> there by shadow. I use CHAP authentication. Unless I do something
> extra they don't have an account or a shell.

That line defines their account; it's just that currently it uses pppd
as a shell.

> Of course you can use a script instead of running pppd directly,
> e.g. if you want to check that the user's subscription has not run
> out or she has not used up all her time.

Alternatively you could configure AutoPPP to call this script, and have
the script run pppd.

Evidently both setups are vulnerable to someone who can modify certain
key files...

I prefer AutoPPP because it's simpler.
--
Nick Phillips ([EMAIL PROTECTED])
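
Added example, not part of the original message and not code from pppd
or mgetty: a shell audit of the files the reply above relies on
(/etc/ppp/options, /etc/ppp/peers/dialin, /etc/ppp/pap-secrets). It
checks that the option files require PAP or CHAP without also consulting
/etc/passwd, and that the key files are not open to group or others. The
function names, the policy and the sample files are assumptions
constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original message): audit the files that an
# AutoPPP dial-in setup trusts. auth, noauth, login, require-pap and
# require-chap are real pppd options; function names and policy are assumptions.

# Print every word of the given pppd option files, one per line, minus comments.
# Simplification: option arguments are printed as words too.
opt_words() {
    cat "$@" 2>/dev/null | sed 's/#.*//' | tr -s ' \t' '\n\n' | grep -v '^$'
}

# Succeed only if the options demand PAP or CHAP and never say noauth.
requires_auth() {
    opt_words "$@" | grep -qx 'noauth' && return 1
    opt_words "$@" | grep -Eqx 'require-(pap|chap)'
}

# Succeed if "login" is set, i.e. PAP is also checked against /etc/passwd.
uses_passwd() {
    opt_words "$@" | grep -qx 'login'
}

# mode_ok FILE "BITS": succeed if FILE exists and none of the listed
# permission bits (find -perm syntax, e.g. -020 for group write) is set.
mode_ok() {
    [ -f "$1" ] || return 1
    for bit in $2; do
        [ -z "$(find "$1" -prune -perm "$bit" -print)" ] || return 1
    done
}

# Constructed sample tree standing in for /etc/ppp; returns 0 if it passes.
demo() {
    d=$(mktemp -d) || return 1
    printf 'lock\nmodem  # constructed sample\n' > "$d/options"
    printf 'auth\nrequire-pap\n' > "$d/dialin"
    printf '# client server secret addrs (constructed)\nalice * "s3cret" *\n' > "$d/pap-secrets"
    chmod 644 "$d/options" "$d/dialin"; chmod 600 "$d/pap-secrets"
    rc=0
    requires_auth "$d/options" "$d/dialin" || rc=1
    uses_passwd "$d/options" "$d/dialin" && rc=1
    mode_ok "$d/dialin" "-020 -002" || rc=1
    mode_ok "$d/pap-secrets" "-040 -020 -004 -002" || rc=1
    rm -rf "$d"
    return $rc
}

demo && echo "constructed sample passes"
```

The audit reads option files only; options given on the pppd command
line in the AutoPPP entry itself are not seen by it.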