On Fri, 19 Nov 1999, Clifford Kite wrote:
> I'd think the maintainers of kppp would be the ones to adjust to changes
> in what pppd does rather than pppd trying to accommodate kppp or any
The situation would occur for anyone running pppd as a normal user,
whether from kppp or by directly invoking pppd or whatever, unless you
use a front-end which is itself setuid-root and changes the real userid to
root (this is effectively what redhat does).
> Moreover, and correct me
> if I'm wrong, it *appears* that a default route and a PPP authentication
> option of any sort are necessary and sufficient conditions to trigger it,
> i.e., pppd doesn't actually examine a secrets file. How could it know
> which secrets entry would be valid before PPP link negotiation?
It does look in the secrets files. If they are empty, or if they only
contain secrets with no permitted IP addresses, pppd prints this message.
I thought that was preferable to starting up the link and then taking it
down because the peer couldn't authenticate itself.
> |As a general principle, I do not want pppd to allow arbitrary users to
> |make connections to arbitrary systems using arbitrary IP addresses without
> |approval of some kind from the system administrator. In particular, it
> |would be bad if an intruder on a system (who had got into a user account,
> |not root) could use pppd to take over arbitrary neighbouring IP addresses.
>
> Generally agree, and a noauth default would serve this purpose. I think
You mean defaulting to `auth', surely?
Paul.
-
To unsubscribe from this list: send the line "unsubscribe linux-ppp" in
the body of a message to [EMAIL PROTECTED]
