Date:      Mon, 07 Apr 1997 15:19:06 +0300
From:      Nadav Eiron <nadav@barcode.co.il>
To:        John Clark <email@john.net>
Cc:        questions@freebsd.org
Subject:   Re: pppd vs. getty with inetd, security
Message-ID:  <3348E63A.27B2@barcode.co.il>
References:  <3.0.1.32.19970407065957.00ab4100@199.3.74.250>

John Clark wrote:
> 
> Hello,
> 
> I have a modem on a FreeBSD host that I use to establish a PPP connection
> with remote clients.  Currently, I have getty monitoring serial port 1 for
> incoming calls:
> 
>         ttyd1   "/usr/libexec/getty std.57600"  dialup  on  insecure
> 
> After logging in, I just start 'pppd' and all is well.  However, this seems
> to be a waste of resources (a shell), and also adds another layer of
> software between the modem and the pppd code.  Therefore, I have been
> experimenting with the following line in /etc/ttys:
> 
>         cuaa1   "/usr/sbin/pppd /dev/cuaa1 57600 -detach" unknown on
> 
> This really works great, but there is no security here -- anyone can call
> in without login confirmation.  How do I implement security with this
> approach?  You say CHAP / PAP?  Well, I have never used either -- the
> password protection of the shell has been sufficient to date.  I also need
> to login with various clients which may not have such advanced protocols.
> Is there a way to have pppd prompt for a login/password?
> 
> Any advice on this issue would be appreciated...
> 
> Thanks,
> 
> John Clark
> [email@john.net]

Have a user whose shell is pppd (or more appropriately a script that
calls pppd with the right parameters), and use getty as you use now.
This would make the login sequence the same, only you won't have the
option of doing anything other than running pppd with that user.

Nadav


