RE: pam support for ppp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Remember that this only works with PAP, not CHAP (sigh!).

You won't get the more secure 2-way handshaking that chap provides, however
given this IS a dialup line, security is considered naturally a bit tighter
than always-on totally sniffable internet connections...so pap s/b fine.
Real ISPs don't use pap/chap anyways, they use Radius or something else.

I would think that pam is by default on all things RedHat (7.1 or
otherwise). Most client/server/other installations bring this in and I think
most installed rpms depend upon it being there.


mike

-----Original Message-----
From: Mike Gerdts [mailto:Michael.Gerdts@alcatel.com]
Sent: Thursday, October 11, 2001 11:25 AM
To: pam-list@redhat.com
Subject: Re: pam support for ppp


On Tue, 2001-10-09 at 22:07, Murali K. Vemuri wrote:
> hi ,
>  i want to use my LINUX box(redhat 7.1 kernel 2.2.16) as ppp server
>  i downloaded ppp server 2.4.1 and installed.
>  now, i want the authentication of the clients through the PAM .
>  as of now, i am able to get through with chap as well as pap.
>  i wanna know what changes will make it look at pam?
>  regards
>  murali krishna vemuri

I think that what you are looking for is the "login" option.  From the
pppd man page:

     Furthermore, if the login option was specified, the username
     and  password  are  also checked against the system password
     database.  Thus, the system administrator  can  set  up  the
     pap-secrets  file to allow PPP access only to certain users,
     and to restrict the set of IP addresses that each  user  can
     use.   Typically, when using the login option, the secret in
     /etc/ppp/pap-secrets would be "", which will match any pass-
     word supplied by the peer.  This avoids the need to have the
     same secret in two places.

Also, be sure that you really do have pam support built in.  The Red Hat
7.1 rpm does.  You can check by being sure that it is linked against
libpam.  Note the first line of output says that it is linked with the
pam library.

$ ldd /usr/sbin/pppd
	libpam.so.0 => /lib/libpam.so.0 (0x40026000)
	libdl.so.2 => /lib/libdl.so.2 (0x4002e000)
	libutil.so.1 => /lib/libutil.so.1 (0x40032000)
	libcrypt.so.1 => /lib/libcrypt.so.1 (0x40035000)
	libc.so.6 => /lib/i686/libc.so.6 (0x40063000)
	/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)




_______________________________________________

Pam-list@redhat.com
https://listman.redhat.com/mailman/listinfo/pam-list
[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux