Date:      Wed, 3 Sep 1997 13:57:07 -0300 (ADT)
From:      Antonio Bemfica <bemfica@militzer.me.tuns.ca>
To:        freebsd-questions@freebsd.org
Subject:   exiting shell and PPP security, authentication
Message-ID:  <Pine.BSF.3.96.970903133329.6932A-100000@militzer.me.tuns.ca>

Hello.

My setup:

1. I have user PPP set up on my servers to handle incoming calls.
2. I want to authenticate users via the password file (enable passwauth)
   and PAP - it seems the cleanest way - no plain text ppp.secret, etc.
3. My users dial in and log on using their normal accounts and password.
   Once they get a prompt, ppp can be started with a script:

	#!/bin/sh 
	#
	# PPP Server DIAL-UP (/usr/sbin/ppplogin)
	#	
	# -> find out which line is trying to connect and use different
	#    labels for each line
	#
	tt=`tty`
	#
	#
	# quote $tt: tty prints "not a tty" when stdin is not a terminal
	if [ "$tt" = "/dev/ttyd1" ]; then
		exec /usr/sbin/ppp -direct ttyd1
	elif [ "$tt" = "/dev/ttyd2" ]; then
		exec /usr/sbin/ppp -direct ttyd2
	fi
	#
	exit 

4. Client scripts can handle the authentication procedure above quite
easily, and users don't get confused about when to enter which password,
etc. - entering their name and password once is enough (the Win95 client
will save this information, for example)

My problem:

1. Users get a connection established without problems, but:

2. When a connection is closed the shell stays open (somehow the shell
   does not seem to exit properly when the ppp process dies). In any case,
   the tty is tied up, and the modem will not answer the line anymore - or
   even worse, will allow a user to get a ppp connection without any
   authentication! 

3. I would prefer not to have to create duplicate accounts for every one
   of my users who wishes to connect via ppp (and set the shell of their
   ppp accounts to be the script above - this setup never hangs...) and 
   neither would I like to use the ppp.secret method.

Is there any possible solution to my problem? What am I doing wrong? 

Thanks in advance for any help.

Antonio
-- --------------------------------------------------------------------------
Antonio Bemfica, DalTech, Dalhousie U.	|  There are eras made to decimate the
=> Support free software, use FreeBSD	|      flocks, confound the tongues
=> http://www.FreeBSD.org		|       and scatter the tribes.  A.C.



