Date:      Mon, 07 Apr 1997 07:37:41
From:      John Clark <email@john.net>
To:        Nadav Eiron <nadav@barcode.co.il>
Cc:        questions@freebsd.org
Subject:   Re: pppd vs. getty with inetd, security
Message-ID:  <3.0.1.32.19970407073741.00ac7e10@199.3.74.250>
In-Reply-To: <3348E63A.27B2@barcode.co.il>
References:  <3.0.1.32.19970407065957.00ab4100@199.3.74.250>

At 03:19 PM 4/7/97 +0300, Nadav Eiron wrote:
>John Clark wrote:
>> 
>> Hello,
>> 
>> I have a modem on a FreeBSD host that I use to establish a PPP connection
>> with remote clients.  Currently, I have getty monitoring serial port 1 for
>> incoming calls:
>> 
>>         ttyd1   "/usr/libexec/getty std.57600"  dialup  on  insecure
>> 
>> After logging in, I just start 'pppd' and all is well.  However, this seems
>> to be a waste of resources (a shell), and also adds another layer of
>> software between the modem and the pppd code.  Therefore, I have been
>> experimenting with the following line in /etc/ttys:
>> 
>>         cuaa1   "/usr/sbin/pppd /dev/cuaa1 57600 -detach" unknown on
>> 
>> This really works great, but there is no security here -- anyone can call
>> in without login confirmation.  How do I implement security with this
>> approach?  You say CHAP / PAP?  Well, I have never used either -- the
>> password protection of the shell has been sufficient to date.  I also need
>> to login with various clients which may not have such advanced protocols.
>> Is there a way to have pppd prompt for a login/password?
>> 
>> Any advice on this issue would be appreciated...
>> 
>> Thanks,
>> 
>> John Clark
>> [email@john.net]
>
>Have a user whose shell is pppd (or more appropriately a script that
>calls pppd with the right parameters), and use getty as you use now.
>This would make the login sequence the same, only you won't have the
>option of doing anything other than running pppd with that user.
>
>Nadav

Yes, of course.  Thanks.



John Clark
[email@john.net]
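
An added example, not part of the original thread: a check that separates the two `/etc/ttys` setups discussed above (getty answering the line versus pppd started directly with no login step) and reads back the login shell of the dial-in account. The sample data is constructed, and the account name `pppuser` and wrapper path `/usr/local/sbin/ppp-login` are hypothetical.

```shell
#!/bin/sh
# Added example: audit dial-in lines and the PPP account's login shell.

# Constructed sample in /etc/ttys format (not taken from a real host).
sample_ttys() {
    cat <<'EOF'
# name  command                                    type    status
ttyd0   "/usr/libexec/getty std.9600"              dialup  off secure
ttyd1   "/usr/libexec/getty std.57600"             dialup  on  insecure
cuaa1   "/usr/sbin/pppd /dev/cuaa1 57600 -detach"  unknown on
EOF
}

# Constructed passwd-format sample; "pppuser" and the wrapper path are hypothetical.
sample_passwd() {
    cat <<'EOF'
john:*:1000:1000:John:/home/john:/bin/sh
pppuser:*:1001:1001:PPP dial-in:/nonexistent:/usr/local/sbin/ppp-login
EOF
}

# Read ttys-format text on stdin. For every enabled line print
#   LOGIN <tty>     if getty (and therefore login) answers the line
#   NO-LOGIN <tty>  if pppd is started directly, with no login step
audit_ttys() {
    awk -F'"' '
        /^[ \t]*#/ || NF < 3 { next }       # comment, blank, or unquoted command
        {
            name = $1; gsub(/[ \t]/, "", name)
            rest = $3; sub(/#.*/, "", rest)  # drop trailing comment
            n = split(rest, flag, " ")       # flag[1] is the terminal type
            enabled = 0
            for (i = 2; i <= n; i++) if (flag[i] == "on") enabled = 1
            if (!enabled) next
            split($2, argv, " ")
            prog = argv[1]; sub(/.*\//, "", prog)   # basename of the command
            if (prog == "pppd") print "NO-LOGIN " name
            else if (prog == "getty") print "LOGIN " name
        }'
}

# Print the login shell (last field) of account $1 from passwd-format stdin.
login_shell_of() {
    awk -F: -v user="$1" '$1 == user { print $NF }'
}

sample_ttys | audit_ttys
sample_passwd | login_shell_of pppuser
```

On a real host, run `audit_ttys < /etc/ttys` and confirm that the dial-in account's shell is the pppd wrapper rather than a general-purpose shell.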


