From owner-freebsd-hackers Wed Jun 21 06:48:51 1995
Return-Path: hackers-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id GAA22345 for hackers-outgoing; Wed, 21 Jun 1995 06:48:51 -0700
Received: from whisker.internet-eireann.ie (whisker.internet-eireann.ie [194.9.34.204]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id GAA22327 for ; Wed, 21 Jun 1995 06:48:42 -0700
Received: (from jkh@localhost) by whisker.internet-eireann.ie (8.6.11/8.6.9) id OAA19860 for hackers@freebsd.org; Wed, 21 Jun 1995 14:49:03 +0100
Date: Wed, 21 Jun 1995 14:49:03 +0100
From: "Jordan K. Hubbard"
Message-Id: <199506211349.OAA19860@whisker.internet-eireann.ie>
To: hackers@freebsd.org
Sender: hackers-owner@freebsd.org
Precedence: bulk

Path: gate2.internet-eireann.ie!news.sprintlink.net!cs.utexas.edu!uwm.edu!vixen.cso.uiuc.edu!news.ecn.bgu.edu!newspump.wustl.edu!ecl.wustl.edu!beru!brian
From: brian@beru.wustl.edu (Brian L Gottlieb)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: PPP login script security
Date: 20 Jun 1995 17:40:02 GMT
Organization: Washington University, St. Louis, MO
Lines: 45
Message-ID: <3s715i$6pm@ecl.wustl.edu>
NNTP-Posting-Host: beru.wustl.edu
X-Newsreader: TIN [version 1.2 PL1]

I recently (over the last week or so, actually) installed FreeBSD on my system. I got it up and running without a problem, and got X running after doing a kernel recompile to include my PS/2 mouse.

Anyways, I'm now trying to configure it for ppp dial-on-demand. I've tried it out and it works great. But I am concerned about the login script being readable on the machine. My ISP uses a login and password authentication before setting up the PPP connection. This password is the same as my user password (as required by his setup), and therefore compromises my account if the password appears in the script. Given that the /etc/ppp.* files are not encrypted at all, my password, if it were to appear in those files, would be compromised.
Also, the password for accessing PPP running as a daemon is also in plaintext in the /etc/ppp.secret file. One idea I had was to have a password for accessing the daemon, and I could just connect to it and give it the login script once after every reboot. Then dial-on-demand would work fine. But the plaintext password makes that kind of useless.

Has anyone been doing any work towards this? One idea I had was to have the password in /etc/ppp.secret be encrypted. The login script would not appear in the configuration file, but would require manual every time the ppp program is run. If it is run at boot with -auto, this should not be a major inconvenience.

While this may still not be 100% secure (what is?), it would be enough for me to feel secure that my roommate, or a visitor, won't be able to trivially extract my password.

I started looking into the ppp code last night. If there is no other work being done for such a thing, I'll look into it further.

brian

--
   O        O        O        O                  Brian Gottlieb
  /--/     /--/     /--/     /--/    O~          Research Assistant
o_______/\_/__/\_/__/\_/__/\_/______-\________   Applied Research Lab
\______________/___________/________________/    Washington University
 /            /                                  St Louis, MO
(            (     O)     O)                     brian@arl.wustl.edu
Life is Short -- Row Hard!        http://www.arl.wustl.edu/~brian/
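
The message above worries that another local user could read the password out of the /etc/ppp.* files. As an added example (not part of the original message and not code from the ppp program), the following shell functions list ppp.* files that group or other users can read and tighten them to owner-only; the function names are hypothetical, and it is assumed that the files sit directly in one directory (default /etc) and that ppp runs as their owner.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on ppp.* files.
# Function names are illustrative; /etc is the location named in the post.

# Print every regular ppp.* file in the directory that has the
# group-read or other-read permission bit set.
ppp_exposed_files() {
    dir=${1:-/etc}
    for f in "$dir"/ppp.*; do
        # Skip the unexpanded pattern and anything that is not a regular file.
        [ -f "$f" ] || continue
        # find prints the path only when one of the read bits is set.
        find "$f" \( -perm -040 -o -perm -004 \) -print
    done
}

# Restrict every exposed file to owner read/write (mode 600).
ppp_lock_down() {
    dir=${1:-/etc}
    ppp_exposed_files "$dir" | while IFS= read -r f; do
        chmod 600 "$f" && printf 'tightened %s\n' "$f"
    done
}
```

Run `ppp_exposed_files` first to see what would change, then `ppp_lock_down` as the files' owner. File modes only keep out other unprivileged local accounts; the password is still stored in plaintext for anyone with root or physical access to the disk.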