I have to use a SecurID "one time password" authenticator to connect to
my employer's network. Since the password changes every minute, I can't
put the password in a script or file. So, I have made a small change to
the chat program to allow the password to be typed in when requested.
The syntax is simply \P, which causes a password prompt to be issued to
the controlling terminal. I use this with the "updetach" option to pppd
to retain the terminal connection until chat completes. My employer's
system also requires a PIN; this is simply added to the \P. For
example, the expect/send string:
Password: 12345678\P
will send 12345678 concatenated with whatever password is typed in. I
have attached the patches to chat.c and chat.8. I'd like to request
that this change be made to the official source, as I imagine there are
other folks using SecurID authenticators who would benefit.
Thanks,
Steve Falco
*** chat.c.old Thu Jun 4 20:47:28 1998
--- chat.c Thu Jun 4 20:51:08 1998
***************
*** 650,655 ****
--- 650,658 ----
register char *s;
int sending; /* set to 1 when sending (putting) this string. */
{
+ char *getpass();
+ FILE *tp;
+ char *ep;
char temp[STR_LEN], cur_chr;
register char *s1, *phchar;
int add_return = sending;
***************
*** 695,700 ****
--- 698,724 ----
add_return = 0;
else
*s1++ = cur_chr;
+ break;
+
+ case 'P':
+ /* getpass writes its prompt to stderr, which pppd connects to a
+ * log file. We want it where the user can see it, so we write
+ * the prompt ourselves. We could re-implement getpass() or put
+ * a hack into pppd, but this is slightly cleaner.
+ */
+ if((tp = fopen("/dev/tty", "w")) == NULL) {
+ syslog(LOG_INFO, "Cannot open /dev/tty");
+ break;
+ }
+ fprintf(tp, "Password: ");
+ fclose(tp);
+ for(
+ ep = getpass("");
+ (*ep != 0) && (*ep != '\n');
+ /**/
+ ) {
+ *s1++ = *ep++;
+ }
break;
case '\\':
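Review bot: the copy loop `*s1++ = *ep++;` in the new `case 'P':` puts no bound on s1, so a long typed password can run past the end of the destination buffer (temp[STR_LEN] is the only buffer declared in the visible lines of this function). Stop copying once the remaining space is used up. getpass() can also return NULL, and the loop condition `(*ep != 0)` dereferences it unchecked; test the return value first and handle NULL the same way as the /dev/tty failure. The case is not conditioned on `sending`, although the chat.8 change says \P is not valid in expect, and when /dev/tty cannot be opened the string is sent without the password after only a LOG_INFO message, which will look like a rejected login to the user. Clearing getpass()'s buffer after the copy would also be worth adding.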
*** chat.8.old Thu Jun 4 20:47:35 1998
--- chat.8 Thu Jun 4 20:53:13 1998
***************
*** 406,411 ****
--- 406,418 ----
Pause for a fraction of a second. The delay is 1/10th of a second.
.I (not valid in expect.)
.TP
+ .B \\\\P
+ Prompt for a password from the controlling terminal. The password will be
+ interpolated in place of \\P. You will probably want to set the updetach
+ option to pppd(8) to keep the controlling terminal until after the chat script
+ finishes. The -detach option to pppd(8) can be used instead, if you like.
+ .I (not valid in expect.)
+ .TP
.B \\\\q
Suppress writing the string to the SYSLOG file. The string ?????? is
written to the log in its place.
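Review bot: the new \\P entry does not say what happens to the typed password in the log. The \q entry directly below it states that strings are written to the SYSLOG file unless suppressed, so the text should tell the reader to combine \q with \P, or the code should suppress logging for this string itself. It would also help to state that the prompt shown is "Password: " and that literal text placed before \P, such as a PIN, is sent ahead of the typed password.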