Marcus,

I've just had a look at the FAQ provided with the ppp-2.3.5 package. I
think you should have a similar FAQ somewhere in /usr/doc/packages/ppp,
regardless of which version of ppp you are running. However, below is the
relevant portion of my FAQ:


---------------------------------------------------------------
Q: I installed pppd successfully, but when I try to run it, I get a
message saying something like "peer authentication required but no
authentication files accessible".

A: When pppd is installed on a machine which already has a connection
to the Internet (or to be more precise, one which has a default route
in its routing table), it is set up to require all peers to
authenticate themselves.  The reason for this is that if you don't
require authentication, you have a security hole, because the peer can
basically choose any IP address it wants, even the IP address of some
trusted host (for example, a host mentioned in some .rhosts file).

On machines which don't have a default route, the default ppp
installation does not require the peer to authenticate itself.  The
reason is that such machines would mostly be using pppd to dial out to
an ISP which will refuse to authenticate itself.  (Yes, it's still a
security hole, which will hopefully be fixed in the next version.)

There are 3 ways around the problem:

1. If possible, arrange for the peer to authenticate itself, and
create the necessary secrets files (/etc/ppp/pap-secrets and/or
/etc/ppp/chap-secrets).

2. If the peer refuses to authenticate itself, and will always be
using the same IP address, or one of a small set of IP addresses, you
can create an entry in the /etc/ppp/pap-secrets file like this:

  ""      *       ""      his-ip.his-domain his-other-ip.other-domain

(that is, using the empty string for the client name and password
fields).  Of course, you replace the 4th and following fields in the
example above with the IP address(es) that the peer may use.  You can
use either hostnames or numeric IP addresses.

3. You can remove the `auth' option from the /etc/ppp/options file.
Pppd will then not ask the peer to authenticate itself.  If you do
this, I *strongly* recommend that you remove the set-uid bit from the
permissions on the pppd executable, with a command like this:

        chmod u-s /usr/local/etc/pppd

Then, an intruder could only use pppd maliciously if they had already
become root, in which case they couldn't do any more damage using pppd
than they could anyway.
----------------------------------------------------------------

As you can see, the third possibility is the one I proposed in the
preceding mail.

Henning
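
Added example, not part of the original mail or of the ppp FAQ: a small audit for the combination that option 3 of the FAQ warns about, namely no `auth` in the options file while the pppd executable is still set-uid. The function names and return codes are made up for this example; the two paths in the usage line are the ones the FAQ mentions.

```shell
#!/bin/sh
# Added example: checks the pairing the FAQ warns about in option 3.
# Usage: sh audit_pppd.sh /etc/ppp/options /usr/local/etc/pppd

# has_auth FILE: succeeds if the word "auth" appears as an option in FILE.
# pppd reads option files word by word, so every field is checked;
# text after '#' is treated as a comment. Simplification: an option
# *argument* spelled "auth" would also match.
has_auth() {
    [ -r "$1" ] || return 1
    sed 's/#.*//' "$1" |
        awk '{ for (i = 1; i <= NF; i++) if ($i == "auth") f = 1 } END { exit !f }'
}

# audit_pppd OPTIONS_FILE PPPD_BINARY
# Prints one verdict line. Returns 0 = fine, 1 = risky combination,
# 2 = binary not found (nothing can be said about the set-uid bit).
audit_pppd() {
    opts=$1
    bin=$2
    if has_auth "$opts"; then
        echo "OK: $opts requires peer authentication (auth)"
        return 0
    fi
    if [ ! -e "$bin" ]; then
        echo "UNKNOWN: no auth in $opts and $bin does not exist"
        return 2
    fi
    if [ -u "$bin" ]; then
        echo "RISK: no auth in $opts and $bin is set-uid; run: chmod u-s $bin"
        return 1
    fi
    echo "OK: no auth in $opts, but $bin is not set-uid"
    return 0
}

# Run against a real install only when both paths are given.
if [ "$#" -eq 2 ]; then
    audit_pppd "$1" "$2"
fi
```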
