Gilles Espinasse writes:
> > So i can't put these options in the config file on the client side? If i
> > understand, he server ask the client for PAP, CHAP or MS-CHAP method to
> > authenticate? The client doesn't choose authentication method? Is it right?
> >
> If one authentication is not configured on the client side, pppd will answer
> with a nak on the request and could offer another authentication method if
> available (that the server may or not accept).
"Configured" in this case means that pppd has access to credentials --
a user name and pass phrase or shared secret for a given
authentication protocol -- and that it's not told _not_ to use them.
On the authenticatee ("client") side, all that you can do is agree to
the peer's request or suggest an alternative; you can't demand to be
identified with a given protocol.
Authentication must work that way. Allowing the authenticatee to
specify the means of validation is insecure.
On the other side, if you're setting up a "server," you use the
'require-pap' keyword (note that "+pap" is obsolescent) to say that
the peers must use PAP to identify themselves.
--
James Carlson 42.703N 71.076W <carlsonj@xxxxxxxxxxxxxxx>
-
To unsubscribe from this list: send the line "unsubscribe linux-ppp" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
