> I don't agree with the concept of tying a default route to a default pppd
> authentication requirement. But a solution is to remove the existing
The alternative would be that pppd defaults to requiring the peer to
authenticate. But that would stuff up the legions of home users who want
to just run kppp and dial up their ISP.
As a general principle, I do not want pppd to allow arbitrary users to
make connections to arbitrary systems using arbitrary IP addresses without
approval of some kind from the system administrator. In particular, it
would be bad if an intruder on a system (who had got into a user account,
not root) could use pppd to take over arbitrary neighbouring IP addresses.
Basically, adding a network interface to the system is a privileged
operation, so pppd should only allow non-privileged users to make
connections which have been authorized by the system administrator. I
relax that with the `don't require authentication if there is no default
route' heuristic to accommodate the class of users for whom the PPP link
is their only link to the internet. If anybody can suggest a better
heuristic, I will be glad to hear it. :-)
Michael Johnson has persuaded me to make the default be to not require
authentication if pppd is being run by root, and that will be in the next
version.
Paul.
-
To unsubscribe from this list: send the line "unsubscribe linux-ppp" in
the body of a message to [EMAIL PROTECTED]
