*BSD News Article 86293



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.mira.net.au!vic.news.telstra.net!news.telstra.net!news-out.internetmci.com!EU.net!news.sprintlink.net!news-peer.sprintlink.net!news-peer.gsl.net!news.gsl.net!news-lond.gsl.net!news.gsl.net!dispatch.news.demon.net!demon!awfulhak.demon.co.uk!awfulhak.demon.co.uk!usenet
From: brian@awfulhak.demon.co.uk (Brian Somers)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: PPP Dial-in security questions
Date: 6 Jan 1997 02:05:30 GMT
Organization: Coverform Ltd.
Lines: 27
Message-ID: <5apmla$bg0@awfulhak.demon.co.uk>
References: <32cbc02b.84472863@news.duke.edu>
NNTP-Posting-Host: awfulhak.coverform.lan
X-NNTP-Posting-Host: awfulhak.demon.co.uk
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Newsreader: knews 0.9.8
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:33676

In article <32cbc02b.84472863@news.duke.edu>,
	reese@chem.duke.edu (Charles Reese) writes:
> I am using (user) ppp to provide dial-in support.  The current scheme
> has the user login using a regular getty Name,Password sequence with
> the user's 'shell' being ppp-dialin which is a link to ppp-shell etc.
> When the ppp program starts up it gives a warning message saying
> there is no security etc. because I am not using PAP or CHAP.   My
> question is when the user logs in this way is PAP or CHAP still
> necessary? If so why?  Can someone who has no account on the machine
> still use the dial-in lines?
> 
> I would really appreciate it if someone could explain these issues in
> some detail.

PAP & CHAP aren't necessary - the user has already been authenticated.
As an alternative, you could have ppp run instead of getty, and insist
on either PAP or CHAP authentication - I think this is what Win95
expects the world to do (I don't think it comes with a chat-script by
default).  This isn't a bad idea - you can have a different set of
dial-in-ppp-users and real-login-type-users.

Having both, IMHO, is extraneous.

-- 
Brian <brian@awfulhak.demon.co.uk>, <brian@freebsd.org>
      <http://www.awfulhak.demon.co.uk/>
Don't _EVER_ lose your sense of humour....