*BSD News Article 44444


Return to BSD News archive

Xref: sserve comp.unix.amiga:10415 comp.unix.bsd.netbsd.misc:391
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!yarrina.connect.com.au!classic.iinet.com.au!news.uoknor.edu!news.ecn.uoknor.edu!paladin.american.edu!gatech!howland.reston.ans.net!agate!violet.berkeley.edu!jkh
From: jkh@violet.berkeley.edu (Jordan K. Hubbard)
Newsgroups: comp.unix.amiga,comp.amiga.unix,comp.unix.bsd.netbsd.misc
Subject: Re: Demand dialed PPP (was Re: FOLLOWUP: PPP client setup help)
Date: 21 May 1995 16:17:13 GMT
Organization: University of California, Berkeley
Lines: 34
Message-ID: <3pnp29$bk5@agate.berkeley.edu>
References: <betts.28.00A4DF49@onramp.net> <3pni1k$bfd@su102w.ess.harris.com> <3pnija$bll@su102w.ess.harris.com> <3pnj7k$cto@news.nynexst.com>
NNTP-Posting-Host: violet.berkeley.edu

In article <3pnj7k$cto@news.nynexst.com>, H.J. Lu <hjl@nynexst.com> wrote:
>You didn't mean "everything", did you? My PPP account password
>changes every minute. I have to type in it by hand. How does it
>handle that?

[I'm not sure how my little message in comp.unix.bsd.freebsd.misc got
redisted to the entire universe like this, but I'll follow up and dive
back under the covers]

No offense, but having your PPP password change every minute is just
silly (and I find myself wondering why you simply didn't make it
"password agile" and sync off the NAVSTAR satellites, like the military
crypto boys do it :-).  It's not the way to solve the problem, and is
somewhat overkill to boot.  If you want the password to be secure at
the ISP side, then you should run PAP or CHAP authentication and keep the
password local to your machine.  This problem has been solved, and
far more nicely and transparently than changing your PPP login password
every 3 seconds.  ijppp (which, BTW, is in /usr/sbin/ppp and not /usr/bin/ppp
on FreeBSD, as I mistakenly first stated - whoops!) deals with all that
rather well, and it does all the ifconfig/routing nastiness behind the
scenes so that you don't have to.  It even has a built-in terminal emulator
(the "term" command) that you can use to dial and dialog with your ISP,
it automatically detecting the first PPP handshake and dropping back to
the local side.  I suppose you could simply start it manually and use this
feature to enter your password each time, but that would kind of defeat
the purpose.  Really, use CHAP!  That's what it's meant for.  It also
supports proxy ARP (in server mode), packet filtering and
"Predictor-1 compression", all of which which are features you won't get
with the standard PPP.

Ok, so it doesn't make toast and water the house plants, but I'd say
it does enough.. :-)

						Jordan