[pptp-server] Can server _require_ encryption?

Toktar, Emir EMIR.TOKTAR at bra.xerox.com
Wed Sep 1 18:04:21 CDT 1999


Michael, if did not make encrypted password validation, it refuses the
conecction and the client gets one error status. 

[options]
-pap
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
....

Let me get one thing, are you trying not to allow the shutting down
conecction telling the user to set up DUN with MS CHAP before refusing the
conecction? (that is, must set option require data encryption )


Emir Toktar
emir.toktar at bra.xerox.com 
toktar at per.com.br
toktar at ppgia.pucpr.br



-----Original Message-----
From: Michael St. Laurent [mailto:rowl at earthcorp.com]
Sent: Wednesday, September 01, 1999 2:11 PM
To: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] Can server _require_ encryption?


Yes... I knew about the +chap option and already have it configured.  What
I'm trying to do now is require _data_encryption_ not encrypted password
validation.

At 04:54 PM 08/31/1999 -0300, you wrote:
>In [options] file there is any syntax that could be set. 
>
>Look file ~/ppp-2.3.8/ppp/auth.c
>
>~/ppp-2.3.8/ppp/auth.c
>...
>...
>...
>
>/*
> * Authentication-related options.
> */
>option_t auth_options[] = {
>    { "require-pap", o_bool, &lcp_wantoptions[0].neg_upap,
>      "Require PAP authentication from peer", 1, &auth_required },
>    { "+pap", o_bool, &lcp_wantoptions[0].neg_upap,
>      "Require PAP authentication from peer", 1, &auth_required },
>    { "refuse-pap", o_bool, &refuse_pap,
>      "Don't agree to auth to peer with PAP", 1 },
>    { "-pap", o_bool, &refuse_pap,
>      "Don't allow PAP authentication with peer", 1 },
>    { "require-chap", o_bool, &lcp_wantoptions[0].neg_chap,
>      "Require CHAP authentication from peer", 1, &auth_required },
>    { "+chap", o_bool, &lcp_wantoptions[0].neg_chap,
>      "Require CHAP authentication from peer", 1, &auth_required },
>    { "refuse-chap", o_bool, &refuse_chap,
>      "Don't agree to auth to peer with CHAP", 1 },
>    { "-chap", o_bool, &refuse_chap,
>      "Don't allow CHAP authentication with peer", 1 },
>    { "name", o_string, our_name,
>      "Set local name for authentication",
>      OPT_PRIV|OPT_STATIC, NULL, MAXNAMELEN },
>    { "user", o_string, user,
>      "Set name for auth with peer", OPT_STATIC, NULL, MAXNAMELEN },
>    { "usehostname", o_bool, &usehostname,
>      "Must use hostname for authentication", 1 },
>...
>...
>...
>...
>...
>...
>
>
>
>
>Emir Toktar
>
>emir.toktar at bra.xerox.com 
>toktar at per.com.br
>toktar at ppgia.pucpr.br
>
>
>
>
>-----Original Message-----
>From: Michael St. Laurent [mailto:rowl at earthcorp.com]
>Sent: Tuesday, August 31, 1999 2:04 PM
>To: pptp-server at lists.schulte.org
>Subject: [pptp-server] Can server _require_ encryption?
>
>
>I have pptp working with encryption (!!!_party_!!!)  What I need to do now
>is configure the server to inisist on data encryption.  I know this can be
>set on the clients but I don't trust our users to not screw it up.  Is
>there some way to set the server to reject any connection attempt that will
>not agree to data encryption?
>
>--------------------
>Michael St. Laurent
>Hartwell Corporation
>
>
>_______________________________________________
>pptp-server maillist  -  pptp-server at lists.schulte.org
>http://lists.schulte.org/mailman/listinfo/pptp-server
>List services provided by www.schulte.org!
>

--------------------
Michael St. Laurent
Hartwell Corporation


_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!




More information about the pptp-server mailing list