From owner-freebsd-security Wed Oct 6 21:24:52 1999 Delivered-To: freebsd-security@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id 5407614C06; Wed, 6 Oct 1999 21:24:51 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 497EF1CD471; Wed, 6 Oct 1999 21:24:51 -0700 (PDT) (envelope-from kris@hub.freebsd.org) Date: Wed, 6 Oct 1999 21:24:51 -0700 (PDT) From: Kris Kennaway To: Derek Werthmuller Cc: freebsd-security@FreeBSD.ORG Subject: Re: Authenticate ppp users via Kerberos ? In-Reply-To: <7A71D0D43B9ED1119EC10008C756C30418F68A@ctg-nt.ctg.albany.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 6 Oct 1999, Derek Werthmuller wrote: > Is it possible and/or has anyone been able to setup a FBSD ppp server and > authenticate dialin users via PAP and Kerberos ? What springs to mind is using kernel-mode PPP (a.k.a pppd), with PAM support compiled in, and a PAM kerberos module. I haven't heard how well the PAM support works for FreeBSD - it should, since we use the same codebase as the linux folks, but you may need to grab the most recent copy of the pppd code and compile it yourself - I've suggested it to a few people in the past but haven't heard how they went with it. You could certainly get this working with PicoBSD (which would be very cool!), but it might take a bit of doing since PicoBSD doesn't do dynamic linking, and PAM likes it best if you can dynamically load in the modules. However, you should be able to get the kerberos PAM module compiled into the static PAM library and from there linked into pppd (that's how it's done with the system-distributed PAM modules). Kris ---- XOR for AES -- join the campaign! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message