-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 30 Dec 1998, Michael Talbot-Wilson wrote:

> On Tue, 29 Dec 1998, Nick Phillips wrote:
> > Best not to create the account, if at all possible. Is there any reason
> > why you can't just use PAP authentication? If you use PAP, all the
> > information needed to authenticate is stored in /etc/ppp/pap-secrets,
> > and pppd pays no attention whatsoever to /etc/passwd and the accounts
> > that are set up on the system.
> 
> Can you use PAP authentication if you don't have a login?  I guess
> you can, by running pppd directly on the port, in place of a getty,
> but do you really do that?  Am I missing something? 
[clip]
> I wonder how the user has been starting pppd up until now.  If he is
> using AutoPPP he must be looking at /etc/passwd. 

AFAIK, AutoPPP doesn't look at /etc/passwd. mgetty presents a login:
prompt. It notices the other end trying to send PPP frames, and launches
pppd.

You can use PAP fine without anything remotely user-like in /etc/passwd
and friends. We've got a small dialup box with about 130
dialup accounts on it, using PAP and mgetty's AutoPPP. No problems :)

Note that if you have 'login' in your ppp options file, it _will_ check
the standard passwd files, _in_addition_ to the pap-secrets. i.e., for it to
function it has to be in _both_ places, with no password listed in the
pap-secrets file.

> Incidentally, /dev/null is not a program.  It might be better to use
> something like /bin/true for a non-functioning account.

Be careful of using actual valid shells.. (read: check /etc/shells to see
what's valid). On some systems, /bin/true is a valid shell. The upshot is
some things (ftp springs to mind) check for a valid shell, if the user has
one they are allowed to log in. 

Better to use /bin/false and ensure it's not in /etc/shells. Then you can
have can-ftp with /bin/true, and can't-do-a-thing with /bin/false. 

At least, that's my 2c :) YMMV etc..
 
.------.------------------------------------------.----------------------.
| (__) | David Zanetti <[EMAIL PROTECTED]>          | Support/Helpdesk:    |
| ( oo | Systems Administrator, Lynx Internet Ltd. | (03) 379 0568        |
| /\_| | Moderator, nz.politics.announce          | <[EMAIL PROTECTED]> |
`------^------------------------------------------^----------------------'
   WARNING: Messages sent as HTML will be dropped without being read!!


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQA/AwUBNoqNXbqyf8yLySj0EQIoSwCfWZYEsFHraAu9W8X5UtRXbmeU9TAAn1Ui
96SJvmBxMmtBsNNnR33SYqT8
=mPx4
-----END PGP SIGNATURE-----
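
The /etc/shells check described in the message above, as an added example that is not part of the original post: it reports which accounts have a shell that a service consulting /etc/shells would accept, and verifies that the lock-out shell is not listed. The function names are hypothetical and the passwd and shells files are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are
# hypothetical; the sample files below are constructed for illustration.

# is_listed SHELL SHELLS_FILE: succeed if SHELL is an entry in SHELLS_FILE
# (comment lines are skipped, entries must match the whole line).
is_listed() {
    grep -v '^[[:space:]]*#' "$2" | grep -qxF -- "$1"
}

# audit_shells PASSWD_FILE SHELLS_FILE: print "user shell listed|unlisted".
# "listed" accounts pass any service that checks /etc/shells.
audit_shells() {
    while IFS=: read -r user _ _ _ _ _ shell; do
        [ -n "$user" ] || continue
        [ -n "$shell" ] || shell=/bin/sh   # passwd(5): empty field means /bin/sh
        if is_listed "$shell" "$2"; then
            echo "$user $shell listed"
        else
            echo "$user $shell unlisted"
        fi
    done < "$1"
}

# deny_shell_ok SHELL SHELLS_FILE: succeed only if the lock-out shell is NOT listed.
deny_shell_ok() { ! is_listed "$1" "$2"; }

# make_sample DIR: write constructed passwd and shells files into DIR.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
ftponly:x:1001:100:FTP only:/home/ftponly:/bin/true
pppuser:x:1002:100:PPP only:/home/pppuser:/bin/false
EOF
    cat > "$1/shells" <<'EOF'
# constructed /etc/shells
/bin/sh
/bin/true
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_shells "$tmp/passwd" "$tmp/shells"
deny_shell_ok /bin/false "$tmp/shells" || echo "WARNING: /bin/false is in shells file"
rm -rf "$tmp"
```

To audit a real system, call `audit_shells /etc/passwd /etc/shells` and `deny_shell_ok /bin/false /etc/shells` instead of using the sample directory.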

