From owner-freebsd-isdn  Sat Nov 13  9:24:16 1999
Delivered-To: freebsd-isdn@freebsd.org
Received: from hcshh.hcs.de (hcshh.hcs.de [194.123.40.1])
	by hub.freebsd.org (Postfix) with SMTP
	id 7144614D82; Sat, 13 Nov 1999 09:24:11 -0800 (PST)
	(envelope-from hm@hcs.de)
Received: from hcswork.hcs.de([192.76.124.5]) (2008 bytes) by hcshh.hcs.de
	via sendmail with P:smtp/R:inet_hosts/T:smtp
	(sender: <hm@hcs.de>) 
	id <m11mguI-00024DC@hcshh.hcs.de>
	for <isdn@FreeBSD.ORG>; Sat, 13 Nov 1999 18:24:10 +0100 (CET)
	(Smail-3.2.0.104 1998-Nov-20 #1 built 1998-Dec-11)
Received: by hcswork.hcs.de (Postfix, from userid 200)
	id E919738E2; Sat, 13 Nov 1999 18:24:09 +0100 (MET)
Subject: Re: i4b & security (Re: "man" reads /etc/rc.conf?)
In-Reply-To: <199911131029.LAA00904@work.net.local> from Alexander Leidinger at "Nov 13, 99 11:29:23 am"
To: A.Leidinger@WJPServer.CS.Uni-SB.de (Alexander Leidinger)
Date: Sat, 13 Nov 1999 18:24:09 +0100 (MET)
Cc: freebsd-current@FreeBSD.ORG, isdn@FreeBSD.ORG
Reply-To: hm@hcs.de
Organization: HCS Hanseatischer Computerservice GmbH
X-Mailer: ELM [version 2.4ME+ PL39 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1050      
Message-Id: <19991113172409.E919738E2@hcswork.hcs.de>
From: hm@hcs.de (Hellmuth Michaelis)
Sender: owner-freebsd-isdn@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

From the keyboard of Alexander Leidinger:

> >> But with i4b you have to specify a username-password pair in rc.conf
> >> (spppconfig_isp0) and I didn_t want to show it to every user (rc.conf
> >> is u+rw,g+r,o+r for reasons you mention).
> > 
> > What about /etc/start_if.isp0?
> 
> Yes, with permissions of u+r,go-rwx it_s more secure than the currently
> recommended way.
> 
> Hellmuth? Will this be the new official way of configuring i4b?

I'm not at all satisfied with the way password arguments to spppcontrol
work currently.

But before we get to security issues of spppcontrol, i think the sppp
issues in i4b (lcp-echo, lcp-loops) have to be resolved (besides other
much more basic things such as the hardware drivers).

hellmuth
-- 
Hellmuth Michaelis                                    Tel   +49 40 559747-70
HCS Hanseatischer Computerservice GmbH                Fax   +49 40 559747-77
Oldesloer Strasse 97-99                               Mail  hm [at] hcs.de
22457 Hamburg                                         WWW   http://www.hcs.de


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isdn" in the body of the message