From owner-freebsd-questions  Tue Nov  9 13:20:56 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from awfulhak.org (dynamic-13.max4-du-ws.dialnetwork.pavilion.co.uk [212.74.9.141])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6324D153EB; Tue,  9 Nov 1999 13:20:40 -0800 (PST)
	(envelope-from brian@Awfulhak.org)
Received: from hak.lan.Awfulhak.org (root@hak.lan.Awfulhak.org [172.16.0.12])
	by awfulhak.org (8.9.3/8.9.3) with ESMTP id UAA07903;
	Tue, 9 Nov 1999 20:57:43 GMT
	(envelope-from brian@lan.awfulhak.org)
Received: from hak.lan.Awfulhak.org (brian@localhost.lan.Awfulhak.org [127.0.0.1])
	by hak.lan.Awfulhak.org (8.9.3/8.9.3) with ESMTP id VAA03427;
	Tue, 9 Nov 1999 21:01:28 GMT
	(envelope-from brian@hak.lan.Awfulhak.org)
Message-Id: <199911092101.VAA03427@hak.lan.Awfulhak.org>
X-Mailer: exmh version 2.1.0 09/18/1999
To: Wolfram Schneider <wosch@cs.tu-berlin.de>,
	Sabrina Minshall <sabrina@accesscom.com>
Cc: brian@freebsd.org, questions@freebsd.org
Subject: Re: [sabrina@accesscom.com: PPP and RADIUS] 
In-Reply-To: Message from Wolfram Schneider <wosch@cs.tu-berlin.de> 
   of "Tue, 09 Nov 1999 19:45:07 +0100." <19991109194507.A15334@freno.cs.tu-berlin.de> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 09 Nov 1999 21:01:28 +0000
From: Brian Somers <brian@Awfulhak.org>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> ----- Forwarded message from Sabrina Minshall <sabrina@accesscom.com> -----
> From: Sabrina Minshall <sabrina@accesscom.com>
> Subject: PPP and RADIUS
> To: wosch@freebsd.org
> Date: Tue, 9 Nov 1999 09:51:52 -0800 (PST)
> Cc: sabrina@accesscom.com
> 
> Hi Wolfram,
>    I'm trying to understand how unix style password works on a PPP server.
>    Suppose a dialup client initates a PPP session with a server and 
>    negotiates the auth. to be either PAP or CHAP, then can the PPP server 
>    use the local /etc/passwd file to validate the response? Or only PAP
>    (and not CHAP) will work in this case where /etc/passwd file is used?

Yes, that is, if you ``enable passwdauth'' or set a users password to 
``*'' in ppp.secret, *and* if you ``enable pap'', ppp will simply 
encrypt the password provided and compare it against the encrypted 
/etc/passwd entry.

If you also enable *chap, the user may chose that instead of pap 
though, so be careful - ``*'' is an easy password to guess (ie, don't 
use ``*'' in ppp.secret if you enable chap).

>    Appreciate any help.
> 
> 
>    Sabrina
[.....]
> -- 
> Wolfram Schneider <wosch@freebsd.org> http://wolfram.schneider.org

-- 
Brian <brian@Awfulhak.org>                        <brian@FreeBSD.org>
      <http://www.Awfulhak.org>                   <brian@OpenBSD.org>
Don't _EVER_ lose your sense of humour !          <brian@FreeBSD.org.uk>




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message