[pptp-server] LINUX

Nathan Meyers nmeyers at javalinux.net
Tue Mar 7 18:17:32 CST 2000


On Tue, Mar 07, 2000 at 03:46:23PM -0800, Scott M. Stone wrote:
> On Tue, 7 Mar 2000, Ryan Matijcio wrote:
> 
> > 
> > Hi Alan,
> > 
> > One problem I can see with a Linux pptp server in a large NT environment is
> > account management.  I can see it being a real nightmare maintaining the
> > chap-secrets file (the one that maintains the username and password for the
> > vpn accounts.)  As far as I've read there is nothing to handle this.  In NT
> > you can easily just turn PPTP on or off for an account in user manager.
> 
> that's a good point, though -- I wonder how hard it would be to patch pppd
> to use the system's getpasswd() functions instead of reading chap-secrets?
> i.e., compare the inputted password from the client with the system password
> table instead of having it separate..?  

Not hard at all, but it won't work the way you hope.

It's the nature of the CHAP protocol to use the same secret on both
ends of the connection, without ever sending the secret in any form
(encrypted or otherwise). So both ends must know the same string. If
all it knows on the server end is the encrypted text it retrieves from
the getpasswd() call, that's the "password" you must use from the client
side - not the user's real password.

Nathan

> 
> Probably not THAT difficult, I'd think, but who knows.  Maybe I'll try it
> sometime..
> 
> --------------------------
> Scott M. Stone, CCNA <sstone at taos.com>
> UNIX Systems and Network Engineer
> Taos - The SysAdmin Company 
> 
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
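
The point made in the reply above, as an added example that is not part of the original message or of pppd: it assumes MD5 CHAP as defined in RFC 1994 (Response = MD5(Identifier || secret || Challenge)). The function names, the sample password and the SHA-256 stand-in for the system password hash are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def server_verify(identifier, server_secret, challenge, response) -> bool:
    """The authenticator recomputes the response from ITS copy of the secret."""
    expected = chap_response(identifier, server_secret, challenge)
    return hmac.compare_digest(expected, response)


def passwd_style_hash(password: bytes, salt: bytes) -> bytes:
    """Stand-in (assumption) for the one-way hash kept in the system password table."""
    return hashlib.sha256(salt + password).hexdigest().encode()


def run_cases(challenge: bytes = None, identifier: int = 1) -> dict:
    challenge = challenge or os.urandom(16)
    password = b"correct horse"                  # constructed sample password
    stored = passwd_style_hash(password, b"ab")  # all the server would have

    return {
        # chap-secrets model: both ends hold the same plaintext secret.
        "shared_plaintext": server_verify(
            identifier, password, challenge,
            chap_response(identifier, password, challenge)),
        # Server holds only the hash, client answers with the real password:
        # the server cannot reproduce the response, so authentication fails.
        "hash_vs_password": server_verify(
            identifier, stored, challenge,
            chap_response(identifier, password, challenge)),
        # It matches only when the client uses the stored hash as its secret,
        # which makes the hash itself the credential.
        "hash_vs_hash": server_verify(
            identifier, stored, challenge,
            chap_response(identifier, stored, challenge)),
    }


if __name__ == "__main__":
    for case, ok in run_cases().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```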
