Michael,

I agree that KPPP is one of the most user friendly. I only have to be a member of the 'dip' and 'dialout' groups in order to use KPPP successfully (using Debian stable). I only had to comment out the 'auth' in /etc/ppp/options to enable the connection to remain on.

Craig

p.s. what distro etc...

On Fri, 04 Jul 2003 22:29, you wrote:
> <rant>
>
> What the hell were they thinking when they (whoever) decided that KPPP should use PAM in the authentication process? I consider KPPP the user-friendliest dialup desktop solution but they've screwed the implementation up badly.
>
> An ordinary user must provide the root password to run KPPP. Apparently, there is no group that you can add your user to to permit the use of KPPP.
>
> You can run KPPP without having to put in the root password by editing /etc/pam.d/kppp and changing the following:
> #auth sufficient /lib/security/pam_rootok.so
> auth sufficient /lib/security/pam_permit.so
>
> Great! Now KPPP will fire up in KDE without prompting you for a password BUT the authentication unlocked keys appear on the taskbar, which means that you can run ANY desktop or menu option as root! When you close KPPP the authentication is STILL remembered so you now have full control of the system.
>
> The only solution to maintain the security is to create a desktop link to KPPP to run in a terminal window. I'm sure that this must give the terminal window root access but because it runs in foreground as soon as kppp is terminated so is the terminal window. I suggest that this would provide fairly easy hacking fodder for a semi-advanced user of Linux - probably adding an ampersand to the link will do the trick...
>
> Stupid! I like KPPP and I think it's a great interface for your pleb user. Why did they ruin it? Is there something that I've missed totally? Perhaps there is a user/group privilege that someone could draw my attention to?
>
> </rant>
>
> Linux is still pretty cool, but I need to be able to stop novice users from lousing up the setup I give them but at the same time I need them to be able to _easily_ use the GUI so that it is a viable solution to Windoze.
>
> Michael.
>
> PS: The following solution from one website did NOT work because it does not defeat the PAM authentication:
>
> 1. Add a new group say, dialout :
>
> pw groupadd dialout
>
> 2. Add users say, user1 to the group :
>
> pw groupmod dialout -M user1
>
> 3. set the permissions :
>
> chown root.dialout /usr/local/bin/kppp
> chmod 4750 /usr/local/bin/kppp
>
> 4. Create a file /etc/kppp.allow and add users, (who are authorised to do the dialup; user1 in our case) one on each line. There's NO need to add root user here. You can use # for comments. Spaces are also allowed.
>
> 5. create a file /etc/ppp/options if not already present
>
> ---
> [EMAIL PROTECTED]
> Message generated in webmail.
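
A check for the /etc/pam.d/kppp edit described in the quoted message, as an added example that is not part of the original thread: it flags auth stacks in which pam_permit.so can grant authentication and reports whether an earlier required/requisite module could still block it. The function name and the sample stacks are constructed for illustration; the parser assumes the per-service /etc/pam.d file format and does not follow include directives.

```python
import os
import re

# One rule of an /etc/pam.d/<service> file: type, control, module path.
RULE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def audit_auth_stack(text):
    """Return (line_number, severity) for each pam_permit.so that can grant auth."""
    findings = []
    gate_seen = False  # an earlier required/requisite module could still fail
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = RULE.match(raw.split("#", 1)[0].strip())  # ignore comments
        if not m:
            continue
        ptype, control, module = m.groups()
        if ptype.lstrip("-") != "auth":
            continue
        is_permit = os.path.basename(module) == "pam_permit.so"
        grants = control == "sufficient" or (
            control.startswith("[") and "success=done" in control)
        if is_permit and grants:
            # pam_permit always succeeds, so this line ends the stack with
            # success unless a gate above it has already failed.
            findings.append((lineno, "conditional" if gate_seen else "unconditional"))
        elif not is_permit and control in ("required", "requisite"):
            gate_seen = True
    return findings

# Constructed samples. EDITED holds the two lines quoted in the message;
# the rest of /etc/pam.d/kppp is not shown there.
EDITED = """#auth sufficient /lib/security/pam_rootok.so
auth sufficient /lib/security/pam_permit.so
"""
ORIGINAL = "auth sufficient /lib/security/pam_rootok.so\n"
GATED = "auth required pam_unix.so\nauth sufficient pam_permit.so\n"

if __name__ == "__main__":
    for name, stack in (("edited", EDITED), ("original", ORIGINAL), ("gated", GATED)):
        print(name, audit_auth_stack(stack))
```

An "unconditional" finding means any caller passes the auth stack without presenting a credential, which matches the behaviour the quoted message reports after the edit.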
