Date: Wed, 3 Sep 1997 13:57:07 -0300 (ADT)
From: Antonio Bemfica
To: freebsd-questions@freebsd.org
Subject: exiting shell and PPP security, authentication

Hello.

My setup:

1. I have user PPP set up on my servers to handle incoming calls.

2. I want to authenticate users via the password file (enable passwauth)
   and PAP - it seems the cleanest way - no plain text ppp.secret, etc.

3. My users dial in and log on using their normal accounts and password.
   Once they get a prompt, ppp can be started with a script:

    #!/bin/sh
    #
    # PPP Server DIAL-UP (/usr/sbin/ppplogin)
    #
    # -> find out which line is trying to connect and use different
    #    labels for each line
    #
    tt=`tty`
    #
    # $tt is quoted so the test stays valid if tty prints more than one word
    #
    if [ "$tt" = "/dev/ttyd1" ]; then
        exec /usr/sbin/ppp -direct ttyd1
    elif [ "$tt" = "/dev/ttyd2" ]; then
        exec /usr/sbin/ppp -direct ttyd2
    fi
    #
    exit

4. Client scripts can handle the authentication procedure above quite
   easily, and users don't get confused about when to enter which
   password, etc. - entering their name and password once is enough (the
   Win95 client will save this information, for example).

My problem:

1. Users get a connection established without problems, but:

2. When a connection is closed the shell stays open (somehow the shell
   does not seem to exit properly when the ppp process dies). In any case,
   the tty is tied up, and the modem will not answer the line anymore - or
   even worse, will allow a user to get a ppp connection without any
   authentication!

3. I would prefer not to have to create duplicate accounts for every one
   of my users who wishes to connect via ppp (and set the shell of their
   ppp accounts to be the script above - this setup never hangs...) and
   neither would I like to use the ppp.secret method.

Is there any possible solution to my problem? What am I doing wrong?

Thanks in advance for any help.

Antonio

--
--------------------------------------------------------------------------
Antonio Bemfica, DalTech, Dalhousie U. | There are ages made for decimating
=> Support free software, use FreeBSD  | the flocks, confounding the tongues
=> http://www.FreeBSD.org              | and scattering the tribes. A.C.
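
The behaviour described in the message, reproduced as an added example that is not part of the original post: it assumes the script is typed as an ordinary command at the login shell's prompt, so the `exec` inside it replaces only the script's own process and the login shell survives on the tty. The stub script, the function names and the use of `true` in place of ppp are constructed for the demonstration.

```sh
#!/bin/sh
# Added demonstration, not from the original post. The stub below is a
# constructed stand-in for /usr/sbin/ppplogin; "true" stands in for ppp.

# Write the stand-in script to path $1. As in the posted script, its exec
# replaces only the process that is running the script itself.
make_stub() {
    cat > "$1" <<'EOF'
#!/bin/sh
exec true    # stand-in for: exec /usr/sbin/ppp -direct ttydN
EOF
}

# Start a constructed "login shell" that runs the stub with the prefix in $1
# ("" or "exec"), then report whether that shell outlived the stub.
# The stub is run through sh so the demo also works on a noexec temp dir.
run_session() {
    dir=$(mktemp -d) || return 1
    make_stub "$dir/ppplogin"
    out=$(sh -c "$1 sh \"$dir/ppplogin\"; echo shell-still-alive")
    rm -rf "$dir"
    echo "${out:-session-ended}"
}

# Case 1: "ppplogin" typed at the prompt. The script is a child of the login
# shell, so when the stand-in for ppp exits the shell is still on the tty.
session_child() { run_session ""; }

# Case 2: "exec ppplogin". The login shell itself is replaced, so nothing is
# left on the tty once the stand-in for ppp exits.
session_exec() { run_session "exec"; }

echo "ppplogin:      $(session_child)"
echo "exec ppplogin: $(session_exec)"
```

In the second case the script's final `exit` also ends the session when the tty matches neither line, because the script is then the only process left from the login.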