On Thu, 18 Nov 1999, Paul Mackerras wrote:
|Date: Thu, 18 Nov 1999 12:30:45 +1100
|From: Paul Mackerras <[EMAIL PROTECTED]>
|To: [EMAIL PROTECTED], Clifford Kite <[EMAIL PROTECTED]>
|Subject: Re: ppp-2.3.10 silly error
|
|> I don't agree with the concept of tying a default route to a default pppd
|> authentication requirement. But a solution is to remove the existing
|
|The alternative would be that pppd defaults to requiring the peer to
|authenticate. But that would stuff up the legions of home users who want
|to just run kppp and dial up their ISP.

I'd think the maintainers of kppp would be the ones to adjust to changes
in what pppd does rather than pppd trying to accommodate kppp or any
other pppd frontend. (I take it that kppp is a frontend to pppd.)
As it is, users with a home LAN and an existing default route are faced
with this strange message which doesn't include a hint as to what to do to
overcome the problem and make pppd work for them. Moreover, and correct me
if I'm wrong, it *appears* that a default route and a PPP authentication
option of any sort are necessary and sufficient conditions to trigger it,
i.e., pppd doesn't actually examine a secrets file. How could it know
which secrets entry would be valid before PPP link negotiation?

|As a general principle, I do not want pppd to allow arbitrary users to
|make connections to arbitrary systems using arbitrary IP addresses without
|approval of some kind from the system administrator. In particular, it
|would be bad if an intruder on a system (who had got into a user account,
|not root) could use pppd to take over arbitrary neighbouring IP addresses.

Generally agree, and a noauth default would serve this purpose. I think
that people would adjust to and accept it provided it's documented in the
man pages, and perhaps mentioned in the README as a change. However, since
it's doubtful that either of us will convince the other his view is better,
we should probably simply agree to disagree. :)

|Basically, adding a network interface to the system is a privileged
|operation, so pppd should only allow non-privileged users to make
|connections which have been authorized by the system administrator. I
|relax that with the `don't require authentication if there is no default
|route' heuristic to accommodate the class of users for whom the PPP link
|is their only link to the internet. If anybody can suggest a better
|heuristic, I will be glad to hear it. :-)

As hinted (?) above the class of users for whom the PPP link is their only
link to the internet includes many with a LAN and often, usually through
ignorance on their part or the distribution maker's part, a default route.

I'd at least like to see a change in the message to something like

    This system has a default route and use of the options "name" and
    "user" is denied to non-root users unless explicitly permitted by
    the privileged "noauth" option.

|Michael Johnson has persuaded me to make the default be to not require
|authentication if pppd is being run by root, and that will be in the next
|version.

A mention of that change in the README as well as in the man pages would
be useful.

By the way folks, just in case there's any doubt, the pppd program is very
well regarded in the PPP community. My own personal experience and virtual
experiences on the usenet "help desk" verify its high quality and many
useful features. We're lucky to have Paul as the maintainer.
---
Clifford Kite Not a guru. (tm)
-
To unsubscribe from this list: send the line "unsubscribe linux-ppp" in
the body of a message to [EMAIL PROTECTED]
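An added configuration example, not part of the original message and not the pppd project's own files, of the arrangement Paul's principle points at: rather than relaxing the authentication default system-wide, the administrator authorizes one specific connection for non-root users. It relies on the documented behaviour that "pppd call NAME" reads /etc/ppp/peers/NAME and that this file may carry privileged options (noauth, name) even when pppd is not run by root. The peer name "isp", the user names, the secrets, the chat script path and the addresses are all constructed for the illustration.

```text
# /etc/ppp/peers/isp   (constructed example; owned by root, readable by the
# users allowed to dial this peer). An ordinary user runs:   pppd call isp
# Privileged options are honoured here because the file sits under
# /etc/ppp/peers, so the administrator, not the caller, decides them.
/dev/ttyS0 115200
connect "/usr/sbin/chat -v -f /etc/ppp/chat-isp"   # chat script path assumed
user alice@example.net      # name we authenticate as to the ISP (constructed)
remotename isp              # selects the matching pap-secrets line below
noauth                      # privileged: do not require the ISP to authenticate
defaultroute                # the link is this host's only route to the internet
noipdefault                 # take the address the ISP assigns, claim none ourselves

# /etc/ppp/pap-secrets   (constructed example; mode 0600, owned by root;
# pppd reads it itself, the calling user never sees the secrets)
# client                server   secret                 IP addresses
alice@example.net       isp      "constructed-secret"   *

# Dial-in peers on the same host: pppd keeps its default of requiring the
# peer to authenticate, and the fourth field lists the only addresses that
# peer may use. This is the guard against a local (non-root) user driving
# pppd to take over a neighbouring address on the LAN.
# client     server   secret               IP addresses
laptop       *        "another-secret"     192.168.1.200
```

With this in place the home-LAN user Clifford describes needs neither a system-wide noauth in /etc/ppp/options nor root, and the "default route present, authentication required" message disappears for the one peer the administrator has vetted; any other peer a non-root user tries to reach still falls under the default policy.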