From owner-freebsd-questions Mon Apr 7 04:59:37 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id EAA10754 for questions-outgoing; Mon, 7 Apr 1997 04:59:37 -0700 (PDT)
Received: from net1.netview.net (netview.net [199.3.74.250]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id EAA10749 for ; Mon, 7 Apr 1997 04:59:35 -0700 (PDT)
Received: from net2 ([206.223.98.8]) by net1.netview.net (8.7.5/8.6.12) with SMTP id GAA22857 for ; Mon, 7 Apr 1997 06:58:46 -0500 (EST)
Message-Id: <3.0.1.32.19970407065957.00ab4100@199.3.74.250>
X-Sender: jrclark@199.3.74.250
X-Mailer: Windows Eudora Pro Version 3.0.1 (32)
Date: Mon, 07 Apr 1997 06:59:57
To: questions@freebsd.org
From: John Clark
Subject: pppd vs. getty with inetd, security
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hello,

I have a modem on a FreeBSD host that I use to establish a PPP connection with remote clients. Currently, I have getty monitoring serial port 1 for incoming calls:

    ttyd1 "/usr/libexec/getty std.57600" dialup on insecure

After logging in, I just start 'pppd' and all is well. However, this seems to be a waste of resources (a shell), and also adds another layer of software between the modem and the pppd code. Therefore, I have been experimenting with the following line in /etc/ttys:

    cuaa1 "/usr/sbin/pppd /dev/cuaa1 57600 -detach" unknown on

This really works great, but there is no security here -- anyone can call in without login confirmation. How do I implement security with this approach? You say CHAP / PAP? Well, I have never used either -- the password protection of the shell has been sufficient to date. I also need to login with various clients which may not have such advanced protocols. Is there a way to have pppd prompt for a login/password?

Any advice on this issue would be appreciated...

Thanks,
John Clark
[email@john.net]
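
An added example, not part of the original post: a small Python audit of /etc/ttys-style entries that flags enabled lines which start pppd directly with none of the peer-authentication options on the command line, which is the exposure the post describes. The option list and the cuaa2 entry are assumptions made for illustration, and options set in pppd's own options file are not examined.

```python
import shlex

# pppd options that require the peer to authenticate (assumed list; the post
# itself only mentions CHAP / PAP in general terms).
AUTH_OPTIONS = {"auth", "+pap", "+chap", "require-pap", "require-chap"}

# Constructed sample: the two /etc/ttys entries quoted in the post, plus a
# hypothetical cuaa2 entry that asks for PAP authentication.
SAMPLE_TTYS = '''\
# name  command                                  type     status
ttyd1  "/usr/libexec/getty std.57600"            dialup   on insecure
cuaa1  "/usr/sbin/pppd /dev/cuaa1 57600 -detach" unknown  on
cuaa2  "/usr/sbin/pppd /dev/cuaa2 57600 -detach auth +pap login" unknown on
'''


def parse_ttys(text):
    """Yield (name, argv, type, flags) for each entry in ttys-format text."""
    for raw in text.splitlines():
        fields = shlex.split(raw, comments=True)  # drops '#' comments
        if len(fields) < 3:
            continue  # blank, comment-only or incomplete line
        name, command, tty_type, *flags = fields
        yield name, shlex.split(command), tty_type, flags


def unauthenticated_pppd(text):
    """Return names of enabled lines that run pppd with no auth option."""
    findings = []
    for name, argv, _type, flags in parse_ttys(text):
        if "on" not in flags or not argv:
            continue  # line is disabled, nothing answers the call
        if argv[0] != "pppd" and not argv[0].endswith("/pppd"):
            continue  # getty or another program handles the login
        options = set(argv[1:])
        if "noauth" in options or not (options & AUTH_OPTIONS):
            findings.append(name)
    return findings


if __name__ == "__main__":
    for name in unauthenticated_pppd(SAMPLE_TTYS):
        print(f"{name}: pppd answers calls without requiring authentication")
```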