On Sat, 26 Jan 2002, CYWare wrote: > >Terminal servers provide the ppp protocol already, and authenticate via > >Radius, or Tacacs. > > Can the source code for the Terminal Servers be altered? > > > You're comparing apples and oranges here. pppd is the protocol used to > > send TCP/IP over a serial line (encapsulation). Part of its job is > > authentication between two sites (using CHAP or PAP). Normally for ISPs, > > the authentication is one way -> ISP authenticates the dialup client. > > Some implementations of terminal server software in linux (mgetty) > > auto-run pppd when it detects ppp frames being sent by the client. Some > > other implementations like portslave actually have radius authentication > > hacked into the ppp daemon so that if you run portslave on a PC server, > > it's as if its a terminal server in itself. > > > > so, > > > > pppd -> daemon that implements tcp/ip encapsulation protocol over > > serial/dialup lines with built in authentication based on PAP/CHAP. may > > come with a hack that uses radius for authentication > > > > radius -> purely an authentication/accounting protocol, used for > > network/isp auth/acctg. > > > > > Are you saying portslave replaces mgetty and pppd? If it does, then maybe > portslave should be the package we customize.
In a way, yes, because portslave comes with its own custom pppd that authenticates via radius. This has become a problem for portslave because it is dependent on the version of pppd as well as the pppd included in the kernel. > I need to do something special with packets which is why we chose to > customize pppd. Since we were already touching the code, we decided to do > the authentication by querying a database directly rather than allowing the > ppp daemon to go through pap-secrets or RADIUS for that matter. Yes that would be an idea. But a more "open" design would be just to use the radius protocol for authenitcation, and hack out a radius backend instead. This solution would not hard-code a pppd implementation to a particular database/schema. Just beware that there are both userspace and kernel-space portions of pppd. What you are doing for pppd now may or may not work with tomorrows' kernel. _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
