For our purposes at SMSC we felt that the security offered through PAP was insufficient, yet we desired to keep the login process to our remote dial-in service as simple as possible. For a time we worked with SKey, but of course this requires the person to go through all sorts of contortions to authenticate with the server before the PPP connection is ever established.

As a result, we found it very trivial to write a server-side authentication daemon and a client-side authentication program which handshake and perform the actual authentication using a 512-bit key. This is done AFTER the person authenticates for a PPP connection using PAP. This leaves them in a GUI interface without having to deal with login screens, etc.

Traffic is only permitted from their assigned IP address at the other end of the PPP tunnel as long as the authenticated connection is maintained. As soon as that connection drops or stops responding, the system slams the door on any packets coming down the PPP line.

I post this here to offer a solution to some of those folks here who are struggling with similar authentication issues. While I cannot release my code, it is a fairly trivial matter to reproduce the daemon and client if it would solve your problem. Hopefully this will help to give you some ideas.
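
A sketch of the scheme described in the post, added here as an example; it is not the poster's code, which was not released. It assumes the 512-bit key is a per-user shared secret used in an HMAC-SHA-256 challenge-response, and the names `PppGate`, `client_response` and the 30-second timeout are hypothetical.

```python
import hashlib
import hmac
import secrets

KEY_BYTES = 64          # 512-bit shared secret per user (assumed symmetric)
KEEPALIVE_TIMEOUT = 30  # seconds of silence before the gate closes (assumed)


def client_response(key: bytes, peer_ip: str, nonce: bytes) -> bytes:
    """Client side: prove possession of the key for this nonce and PPP address."""
    return hmac.new(key, peer_ip.encode() + b"|" + nonce, hashlib.sha256).digest()


class PppGate:
    """Server side: decides which PPP peer addresses may currently pass traffic."""

    def __init__(self, keys):
        self.keys = keys      # peer_ip -> 64-byte key, provisioned out of band
        self.pending = {}     # peer_ip -> outstanding nonce
        self.last_seen = {}   # peer_ip -> time of last valid proof

    def challenge(self, peer_ip):
        nonce = secrets.token_bytes(32)  # fresh per attempt, so replays fail
        self.pending[peer_ip] = nonce
        return nonce

    def verify(self, peer_ip, response, now):
        """Check one proof; the same exchange is repeated as the keepalive."""
        nonce = self.pending.pop(peer_ip, None)  # each nonce is single use
        key = self.keys.get(peer_ip)
        if nonce is None or key is None:
            return False
        expected = client_response(key, peer_ip, nonce)
        if not hmac.compare_digest(expected, response):  # constant-time compare
            return False
        self.last_seen[peer_ip] = now
        return True

    def is_allowed(self, peer_ip, now):
        """Fail closed: no valid proof within the timeout means no forwarding."""
        seen = self.last_seen.get(peer_ip)
        if seen is None or now - seen > KEEPALIVE_TIMEOUT:
            self.last_seen.pop(peer_ip, None)
            return False
        return True
```

In a deployment the result of `is_allowed` would drive the packet filter rule for the peer's PPP address, with the default rule dropping traffic from that interface.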
