Date: Wed, 3 Sep 1997 12:43:15 -0500 (CDT)
From: Alec Kloss <alec@d2si.com>
To: bemfica@militzer.me.tuns.ca (Antonio Bemfica)
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: exiting shell and PPP security, authentication
Message-ID: <199709031743.MAA10397@d2si.com>
In-Reply-To: <Pine.BSF.3.96.970903133329.6932A-100000@militzer.me.tuns.ca> from Antonio Bemfica at "Sep 3, 97 01:57:07 pm"
Antonio Bemfica said:
> Hello.
>
> My setup:
>
> 1. I have user PPP setup on my servers to handle incoming calls.
> 2. I want to authenticate users via the password file (enable passwauth)
>    and PAP - it seems the cleanest way - no plain text ppp.secret, etc.
> 3. My users dial in and log on using their normal accounts and password.
>    Once they get a prompt, ppp can be started with a script:
>
> #!/bin/sh
> #
> # PPP Server DIAL-UP (/usr/sbin/ppplogin)
> #
> # -> find out which line is trying to connect and use different
> #    labels for each line
> #
> tt=`tty`
> #
> #
> if [ $tt = "/dev/ttyd1" ]; then
>     exec /usr/sbin/ppp -direct ttyd1
> elif [ $tt = "/dev/ttyd2" ]; then
>     exec /usr/sbin/ppp -direct ttyd2
> fi
> #
> exit
>
> 4. Client scripts can handle the authentication procedure above quite
>    easily, and users don't get confused about when to enter which password,
>    etc. - entering their name and password once is enough (the Win95 client
>    will save this information, for example)
>
> My problem:
>
> 1. Users get a connection established without problems, but:
>
> 2. When a connection is closed the shell stays open (somehow the shell
>    does not seem to exit properly when the ppp process dies). In any case,
>    the tty is tied up, and the modem will not answer the line anymore - or
>    even worse, will allow a user to get a ppp connection without any
>    authentication!
>
> 3. I would prefer not to have to create duplicate accounts for every one
>    of my users who wishes to connect via ppp (and set the shell of their
>    ppp accounts to be the script above - this setup never hangs...) and
>    neither would I like to use the ppp.secret method.
>
> Is there any possible solution to my problem? What am I doing wrong?
>
> Thanks in advance for any help.
>
> Antonio
> --
> --------------------------------------------------------------------------
> Antonio Bemfica, DalTech, Dalhousie U. | There are times made to decimate the
> => Support free software, use FreeBSD  | flocks, confound the tongues
> => http://www.FreeBSD.org              | and scatter the tribes. A.C.
>

I'd guess that the script you're using to start up ppp is the problem---the user's shell probably forks and then execs /bin/sh to run the script. The script then executes ppp without forking, so /bin/sh is gone, but the original shell is not. Hmm. If you could get your users to exec your script you'd probably be okay, either by explaining it to them or by using a shell alias, or you could get the script to kill their shell for you (you'll need to use a pretty stiff signal) after ppp exits.
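The fork/exec behaviour described in the reply above, as an added example that is not part of the original message. A constructed stub stands in for /usr/sbin/ppplogin and `sh -c` stands in for the user's login shell; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: STUB is a constructed stand-in for /usr/sbin/ppplogin, and
# "sh -c" plays the role of the user's login shell on the dial-up tty.
STUB=$(mktemp)
trap 'rm -f "$STUB"' EXIT
cat > "$STUB" <<'EOF'
echo "session pid=$$"                  # the point where "ppp -direct" would run and exit
[ "$1" = kill ] && kill -KILL "$PPID"  # optional: take the calling shell down too
exit 0
EOF

# 1. User types the script name: the login shell forks a child for it, so an
#    authenticated shell is still sitting on the line when the session ends.
run_plain() {
    sh -c 'echo "login pid=$$"; sh "$0"; echo "login shell still alive"' "$STUB"
}

# 2. User types "exec script": the login shell is replaced, so the session
#    runs under the login PID and nothing is left behind when it exits.
run_exec() {
    sh -c 'echo "login pid=$$"; exec sh "$0"; echo "login shell still alive"' "$STUB"
}

# 3. Script is run normally but sends SIGKILL to its parent once the session
#    is over, so the login shell cannot outlive the link.
run_kill() {
    sh -c 'echo "login pid=$$"; sh "$0" kill; echo "login shell still alive"' "$STUB"
}

# Helpers that read a transcript on stdin.
survived() { grep -q 'still alive'; }
same_pid() { awk -F= '/^login pid/{l=$2} /^session pid/{s=$2} END{exit !(l==s)}'; }

for c in run_plain run_exec run_kill; do
    echo "== $c"; $c || true   # run_kill ends with a signal status by design
done
```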