In article <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]> wrote:
>Hence the password cannot be statically saved in pap-secrets. As a
>crude hack, I've been able to establish the connection by overwriting
>pap-secrets with the dynamic password. At least one other person on
>comp.os.linux.networking is using the same hack.
>
>Is there perhaps another, secure solution for dealing with dynamic
>passwords that doesn't require doing violence to the *-secrets files?
I use the '@filename' syntax for the secret in pap-secrets and have
a simple script to write <PIN><PASSWD> to the file and start pppd. Once
pppd exits the script deletes the file so that the PIN is only visible for
the duration of the call (and if someone has access to the file). It would
be better if the file was deleted as part of ip-up but as I'm on a single
user box it wasn't important.
I had hoped that the 'welcome <script>' param in the option file could be
used to avoid having to use up 30 seconds of the password lifespan in
the dialling but a strace shows that a) pppd reads the secrets file before
invoking the script, and b) sets an ioctl on the terminal preventing
the script from reading input. a) could probably be worked around
but b) makes it pointless.
Anybody got anything better?
Cheers,
Mike
--
Mike Civil Home : [EMAIL PROTECTED]
Broadmayne, Dorset, UK Work : [EMAIL PROTECTED]
+44 (0)1305 853644
-
To unsubscribe from this list: send the line "unsubscribe linux-ppp" in
the body of a message to [EMAIL PROTECTED]
