On Fri, 26 Nov 1999, Paul Mackerras wrote:
|> Moreover, and correct me
|> if I'm wrong, it *appears* that a default route and a PPP authentication
|> option of any sort are necessary and sufficient conditions to trigger it,
|> i.e., pppd doesn't actually examine a secrets file. How could it know
|> which secrets entry would be valid before PPP link negotiation?
|
|It does look in the secrets files. If they are empty, or if they only
|contain secrets with no permitted IP addresses, pppd prints this message.
|I thought that was preferable to starting up the link and then taking it
|down because the peer couldn't authenticate itself.

Sorry, an oversight on my part: I only tested with my existing secrets
file, which doesn't have any IP addresses. I did look at the code in pppd,
but not very deeply, since my ability to read C code containing much
indirection (hope that's the right word) leaves a lot to be desired.

|> |As a general principle, I do not want pppd to allow arbitrary users to
|> |make connections to arbitrary systems using arbitrary IP addresses without
|> |approval of some kind from the system administrator. In particular, it
|> |would be bad if an intruder on a system (who had got into a user account,
|> |not root) could use pppd to take over arbitrary neighbouring IP addresses.
|>
|> Generally agree, and a noauth default would serve this purpose. I think
|
|You mean defaulting to `auth', surely?

Absolutely. A moment of dyslexia, which happens more often than I'd like.

I'll take this opportunity to again advocate that the message be modified
to specifically mention an existing default route.

---
Clifford Kite Not a guru. (tm)