Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!nexus.coast.net!simtel!noc.netcom.net!news.sprintlink.net!EU.net!Germany.EU.net!zib-berlin.de!news.tu-chemnitz.de!irz401!uriah.heep!bonnie.heep!not-for-mail
From: j@bonnie.heep.sax.de (J Wunsch)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: PPP login script security
Date: 21 Jun 1995 11:45:28 +0200
Organization: Private U**x site, Dresden.
Lines: 21
Message-ID: <3s8pno$m8v@bonnie.tcd-dresden.de>
References: <3s715i$6pm@ecl.wustl.edu>
Reply-To: joerg_wunsch@uriah.heep.sax.de
NNTP-Posting-Host: 192.109.108.139
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit

Brian L Gottlieb <brian@beru.wustl.edu> wrote:

[plaintext password in ppp configuration file]

>Has anyone been doing any work towards this? One idea I had was to
>have the password in /etc/ppp.secret be encrypted. The login script
>would not appear in the configuration file, but would require manual
>everytime the ppp program is run. If it is run at boot with -auto,
>this should not be a major inconvenience.

This would only move the problem towards the security of the
encryption key.

Passwords for outgoing connections have been stored for ages in plain
text files (/etc/uucp/systems e.g.). What's wrong with making them
mode 0600 and owned by a `trusted' user (root).

If you cannot trust root, forget about security of a Unix system.

--
cheers, J"org private: joerg_wunsch@uriah.heep.sax.de
http://www.sax.de/~joerg/
Never trust an operating system you don't have sources for. ;-)
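
An added example, not part of the original post or of the ppp sources: a small audit of the "mode 0600, owned by root" rule for a plaintext credential file such as the /etc/ppp.secret named in the quoted question. The function name `audit_secret_file` and its `expected_uid` parameter are hypothetical, and the sample file is constructed in a temporary directory.

```python
import os
import stat
import tempfile


def audit_secret_file(path, expected_uid=0):
    """Return a list of findings; an empty list means the file passes."""
    st = os.lstat(path)  # lstat: inspect the path itself, never a link target
    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: is a symlink, refusing to follow it"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file"]

    findings = []
    if st.st_uid != expected_uid:
        findings.append(
            f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")

    # Any permission bit outside owner read/write breaks the 0600 rule.
    mode = stat.S_IMODE(st.st_mode)
    if mode & ~0o600:
        findings.append(f"{path}: mode {mode:04o}, expected 0600 or stricter")

    # A parent directory writable by group or other lets someone else
    # replace the file, unless the sticky bit restricts rename/unlink.
    parent = os.path.dirname(os.path.abspath(path))
    pmode = os.stat(parent).st_mode
    if pmode & (stat.S_IWGRP | stat.S_IWOTH) and not pmode & stat.S_ISVTX:
        findings.append(f"{parent}: writable by group/other, file is replaceable")
    return findings


def demo():
    """Audit a constructed secret file before and after chmod 0600."""
    workdir = tempfile.mkdtemp()
    secret = os.path.join(workdir, "ppp.secret")  # constructed sample file
    with open(secret, "w") as fh:
        fh.write("constructed-sample-password\n")
    me = os.getuid()  # stand-in for root so the demo runs unprivileged
    os.chmod(secret, 0o644)
    before = audit_secret_file(secret, expected_uid=me)
    os.chmod(secret, 0o600)
    after = audit_secret_file(secret, expected_uid=me)
    return before, after


if __name__ == "__main__":
    for label, result in zip(("0644", "0600"), demo()):
        print(label, "->", result or "ok")
```

On a real system the call would be `audit_secret_file("/etc/ppp.secret")`, leaving `expected_uid` at its default of 0.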