Date:      Thu, 04 Sep 1997 07:53:00 +1000
From:      Robert Chalmers <robert@chalmers.com.au>
To:        Alec Kloss <alec@d2si.com>
Cc:        Antonio Bemfica <bemfica@militzer.me.tuns.ca>, freebsd-questions@FreeBSD.ORG
Subject:   Re: exiting shell and PPP security, authentication
Message-ID:  <340DDC3B.2136A426@chalmers.com.au>
References:  <199709031743.MAA10397@d2si.com>

Configure your modem to "reset" when the line is dropped, not
just hangup. Make sure you save the config as the default
config.
bob


Alec Kloss wrote:

> Antonio Bemfica said:
> > Hello.
> >
> > My setup:
> >
> > 1. I have user PPP setup on my servers to handle incoming calls.
> > 2. I want to authenticate users via the password file (enable passwauth)
> >    and PAP - it seems the cleanest way - no plain text ppp.secret, etc.
> > 3. My users dial in and log on using their normal accounts and password.
> >    Once they get a prompt, ppp can be started with a script:
> >
> >       #!/bin/sh
> >       #
> >       # PPP Server DIAL-UP (/usr/sbin/ppplogin)
> >       #
> >       # -> find out which line is trying to connect and use different
> >       #    labels for each line
> >       #
> >       tt=`tty`
> >       #
> >       # "$tt" is quoted so the test still parses if tty prints "not a tty"
> >       #
> >       if [ "$tt" = "/dev/ttyd1" ]; then
> >               exec /usr/sbin/ppp -direct ttyd1
> >       elif [ "$tt" = "/dev/ttyd2" ]; then
> >               exec /usr/sbin/ppp -direct ttyd2
> >       fi
> >       #
> >       exit
> >
> > 4. Client scripts can handle the authentication procedure above quite
> > easily, and users don't get confused about when to enter which password,
> > etc. - entering their name and password once is enough (the Win95 client
> > will save this information, for example)
> >
> > My problem:
> >
> > 1. Users get a connection established without problems, but:
> >
> > 2. When a connection is closed the shell stays open (somehow the shell
> >    does not seem to exit properly when the ppp process dies). In any case,
> >    the tty is tied up, and the modem will not answer the line anymore - or
> >    even worse, will allow a user to get a ppp connection without any
> >    authentication!
> >
> > 3. I would prefer not to have to create duplicate accounts for every one
> >    of my users who wishes to connect via ppp (and set the shell of their
> >    ppp accounts to be the script above - this setup never hangs...) and
> >    neither would I like to use the ppp.secret method.
> >
> > Is there any possible solution to my problem? What am I doing wrong?
> >
> > Thanks in advance for any help.
> >
> > Antonio
> > --
> > --------------------------------------------------------------------------
> > Antonio Bemfica, DalTech, Dalhousie U. |  There are eras made for decimating
> > => Support free software, use FreeBSD  |  the flocks, confounding the tongues
> > => http://www.FreeBSD.org              |  and scattering the tribes.  A.C.
> >
>
> I'd guess that the script you're using to start up ppp is the
> problem---the user's shell probably forks and then execs /bin/sh to run
> the script.  The script then executes ppp without forking, so /bin/sh
> is gone, but the original shell is not.  Hmm.  If you could get your
> users to exec your script you'd probably be okay, either by explaining
> it to them or by using a shell alias or you could get the script to
> kill their shell for you (you'll need to use a pretty stiff signal)
> after ppp exits.



--
http://www.chalmers.com.au Books-New & Secondhand  Support Whirled Peas.
Agents for CIBTC. Associate of Amazon.com, and Partner Program with iBS.
Books about China, books from China.         Sheng huo jiu shi dou zheng
Business Links in Dalian, and Beijing.          Building the China Trade
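
The fork/exec behaviour described in the quoted reply from Alec Kloss, as an added example that is not part of the original thread: it compares running the script as a child, running it with `exec`, and having it signal its parent shell. The stand-ins are assumptions: `true` plays the role of `/usr/sbin/ppp -direct ttydN`, and the outer `sh -c` plays the user's login shell.

```shell
#!/bin/sh
# Added example (constructed). "true" stands in for ppp, and the outer
# "sh -c" stands in for the login shell that owns the tty. The marker is
# printed only if that outer shell outlives the ppp stand-in.

MARKER="login shell still holds the tty"

# Case 1: the user types the script name at the prompt. The login shell
# forks a child /bin/sh for the script; when the child ends, the login
# shell carries on as an open, already-authenticated session.
run_as_child() {
    sh -c 'sh -c "true"; echo "$0"' "$MARKER" || true
}

# Case 2: the user types "exec <script>" (or an alias does it for them).
# The login shell is replaced, so nothing is left once the stand-in exits.
run_with_exec() {
    sh -c 'exec sh -c "true"; echo "$0"' "$MARKER" || true
}

# Case 3: the script runs as a child but signals its parent ($PPID) after
# the stand-in returns. KILL is used here because interactive shells
# commonly ignore TERM, which matches the "pretty stiff signal" remark.
run_then_kill_parent() {
    { sh -c 'sh -c "true; kill -KILL \$PPID"; echo "$0"' "$MARKER" || true; } 2>/dev/null
}

# Print one line per case showing what is left on the tty afterwards.
report() {
    for mode in run_as_child run_with_exec run_then_kill_parent; do
        out=$($mode)
        printf '%-22s -> %s\n' "$mode" "${out:-<no shell left on the tty>}"
    done
}

report
```

Only the first case leaves a shell behind, which is the state in which the next caller on that line inherits a session nobody authenticated for.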




