*BSD News Article 71390



Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!news.mel.connect.com.au!news.mira.net.au!inquo!news.uoregon.edu!vixen.cso.uiuc.edu!howland.reston.ans.net!newsfeed.internetmci.com!news.itjit.ad.jp!news.iij.ad.jp!news.CET.CO.JP!usenet
From: Michael Hancock <michaelh@cet.co.jp>
Newsgroups: comp.unix.bsd.bsdi.misc
Subject: Re: Plans for CHAP/PPP in BSDI?
Date: Wed, 19 Jun 1996 10:56:12 +0900
Organization: CET
Lines: 31
Message-ID: <31C75E3C.41C67EA6@cet.co.jp>
References: <4p533b$6qm@agate.nbnet.nb.ca> <31C5A3B1.616@cet.co.jp> <31C4F08A.41C67EA6@cet.co.jp> <4q61co$d0l@agate.nbnet.nb.ca>
NNTP-Posting-Host: chaos.cet.co.jp
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 3.0b4 (X11; I; FreeBSD 2.2-CURRENT i386)

Lance Cavener wrote:

> >> Commercial PPP packages such as MorningStar still require using a scheme
> >> like Pusername if your terminal server serves both shell and PPP.
> 
> >More background...  I think BSDI chose to use the 'Pusername' scheme for
> >the same reasons 'Uusername' or 'Usitename' is often used for UUCP logins.
> >It differentiates the PPP connection from the e-mail account; allows both
> >type of connections to authenticate using Unix login; and using capital
> >letters prevents the account from receiving mail which you usually don't
> >want.
> 
>  Yeah but because it has a capital letter in the username that user
> cannot read his/her mail - so what good is that? 2 accounts for one
> person? ;P

This has to do with how Unix authenticates and authorizes dialup connections.  A
program called getty listens on a port and displays a login prompt when it
detects a user.  It accepts a userid and launches a program called login which
displays a password prompt.  If the password is ok then login starts up a shell.

For PPP to work within this scheme, the PPP account is set up to have the PPP
daemon as its shell.  This is why if you want to allow both shell access and PPP
access you need 2 accounts.

You can get around this by modifying how getty works.  You can modify it to
display a prompt, wait for a character and then either detect PPP or a userid
depending on what the character is.  If getty detects PPP then start up PPP with
PAP/CHAP authentication instead of the Unix login program.

-mh
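
The detection step described in the last paragraph, as an added example that is not part of the original post and is not BSDI or getty source code. It assumes the dialing peer opens with a PPP LCP frame in the HDLC-like framing of RFC 1662 (flag 0x7E, address 0xFF, control 0x03, protocol 0xC021, with 0x7D escapes allowed); `classify_line` and the `line_kind` names are hypothetical.

```c
#include <stddef.h>

/* What the first bytes typed or sent after the prompt turned out to be. */
enum line_kind {
    LINE_NEED_MORE,  /* still consistent with a PPP frame: keep reading   */
    LINE_PPP,        /* full LCP frame header seen: hand off to PPP,      */
                     /* which then authenticates with PAP/CHAP            */
    LINE_LOGIN       /* ordinary userid: hand off to the Unix login path  */
};

/*
 * Classify the bytes received so far on a dial-in line.
 *
 * A single leading 0x7E is not treated as proof of PPP, because 0x7E is
 * also the printable character '~'.  The whole unescaped header must
 * match before the line is routed away from the login program.
 */
enum line_kind classify_line(const unsigned char *buf, size_t n)
{
    /* Unescaped start of an LCP frame: flag, address, control, protocol. */
    static const unsigned char lcp[] = { 0x7e, 0xff, 0x03, 0xc0, 0x21 };
    size_t i = 0, matched = 0;

    while (matched < sizeof lcp) {
        unsigned char c;

        if (i == n)
            return LINE_NEED_MORE;      /* ran out of input mid-header */
        c = buf[i++];

        /* Inside a frame, 0x7D means "next byte XOR 0x20" (RFC 1662). */
        if (c == 0x7d && matched > 0) {
            if (i == n)
                return LINE_NEED_MORE;  /* escape byte without its pair */
            c = buf[i++] ^ 0x20;
        }

        if (c != lcp[matched])
            return LINE_LOGIN;          /* diverged: treat as a userid */
        matched++;
    }
    return LINE_PPP;
}
```

Because the function returns `LINE_NEED_MORE` until the header either completes or diverges, the caller should bound that wait with a timeout and fall back to the login path.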