[pptp-server] Strong authentication?

[Jim McConnell]

Hello all;

First let me say thanks to all the people on this mailing list.  I've lurked
for a while, and from simply keeping up with the list, I've been able to get
PoPToP running on a RH 6.0 system...

One of the things that I require for my VPN is some sort of strong
authentication.  I find a hardware token is often the best solution.  My
question is simply this:  is it possible to use a hardware token with
ppp-2.3.8 & pptpd-0.9.x?  It seems that ppp comes with PAM support, which is
extremely helpful, but that it is still lacking.

Specifically, I'm trying to accomplish the following:

Setup RH 6.0 with PoPToP, and have ppp authenticate to a RADIUS server.
This particular RADIUS server is a version of the Livingston RADIUS server,
with custom mods from CryptoCard.  The custom RADIUS server will then pass
the auth request to another piece of CryptoCard software, which will
actually perform the authentication.  Status (pass/fail) is then returned to
the RADIUS server, which is returned to PPP, which is finally returned to
the client.

Has any work been done in this area that would be helpful?  Any ideas on
which way to go?  Unfortunately, I'm not a C programmer, or I'd take it upon
myself to make this work.  I have looked into PAM support for RADIUS.  It
appears however, that the current PAM module only supports accounting
features.

So, I suppose that's my plea for help...  :)

Jim

--
Jim McConnell (jkm at tbred.com)
Network Administrator