From owner-freebsd-isp Wed Oct 16 03:30:57 1996 Return-Path: owner-isp Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id DAA07690 for isp-outgoing; Wed, 16 Oct 1996 03:30:57 -0700 (PDT) Received: from al.imforei.apana.org.au (al.imforei.apana.org.au [202.12.89.41]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id DAA07669 for ; Wed, 16 Oct 1996 03:30:47 -0700 (PDT) Received: (from pjchilds@localhost) by al.imforei.apana.org.au (8.8.0/8.7.3) id TAA06600; Wed, 16 Oct 1996 19:59:59 +0930 (CST) Date: Wed, 16 Oct 1996 19:59:59 +0930 (CST) From: Peter Childs Message-Id: <199610161029.TAA06600@al.imforei.apana.org.au> To: davo@chunga.kt.apana.org.au (Dave Edwards), val@omnisolve.com, freebsd-isp@freebsd.org Subject: Re: ijppp and ppp.secret for PAP X-Newsreader: TIN [version 1.2 PL2] Sender: owner-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In article <53t8oj$fhb@al.imforei.apana.org.au> you wrote: : 'Valtaire scribbled..' : > Hello. I use ijppp for my server, and i'd like to start using PAP : > authentication. Problem is, I can't seem to figyre out how to set : > up my ppp.secret file. : > : > whenever i try to log in it says: : > : > 10-13 12:18:22 [17332] Phase: Authenticate : > 10-13 12:18:22 [17332] his = 0, mine = c023 : > 10-13 12:18:22 [17332] PapInput: REQUEST : > 10-13 12:18:22 [17332] PasswdAuth enabled - calling : > 10-13 12:18:22 [17332] PasswdAuth - user not a PPP user : > 10-13 12:18:22 [17332] PapOutput: NAK [cut] : Hmmm, could be whitespace messing it up, sounds like a : configuration problem anyway... : However why keep a file around with passwords in it, when you : can authenticate using the /etc/passwd file! This is a 2.2-current system. You can see that either you supped and built at just the wrong moment in time, or you have enable passwdauth in your ppp.conf (your vars.c should be version 1.9) if you _don't_ want to authenticate users from the /etc/password file then use disable passwdauth (this is the default in the latest 2.2-current ppp, ie vars.c 1.9) If you _do_ want to use password authentication then you should edit passwdauth.c Notice the section where only users with a username starting with "P" are considered vaild ppp users? Better kill that bit of code, or put in your own check... #ifdef LOCALHACK /* * All our PPP usernames start with 'P' so i check that here... if you * don't do this i suggest all your PPP users be members of a group * and you check the guid */ if( name[0] != 'P' ) { LogPrintf( LOG_LCP, "PasswdAuth - user (%s) not a PPP user\n", name ); endpwent(); return 0; } #endif /* LOCALHACK */ I'll think on this and probably submit some diff's commenting this out since it will no doubt cause more grief than good. Its worth reading the bits on #define LOCALHACK in passwdauth.c and deciding if you want to keep it on or turn it off depending on what you are trying to do. I'm open on suggestions for tidying up this a little. Peter -- Peter Childs --- http://www.imforei.apana.org.au/~pjchilds Finger pjchilds@al.imforei.apana.org.au for public PGP key Drag me, drop me, treat me like an object!