[pptp-server] PoPToP and Authentication Questions
James MacLean
macleajb at Trademart-1.ednet.ns.ca
Mon Mar 13 16:17:46 CST 2000
On Mon, 13 Mar 2000, Adam Williams wrote:
> >missed? Regardless of the ansewr, can someone provide me with a link to
> >documentation detailing the setup of such a scenario? Thanks
>
> Authentication is actually handled by PPP. PPP supports PAM if you use PAP
> authentication, which means no encryption. With PAM you can authenticate
> against anything you want. With CHAP you must maintain a hideous secrets
> file on the PPP server, because you don't have the password you can't auth
> against something like PAM. A couple of people are pondering this dilemma,
> but I haven't seen anything come through. I am also eagerly awaiting this
> feature (I want to auth with PAM against an LDAP server). I'll buy pizza for
> anyone who can provide a patch to let me CHAP against PAM.
Interesting... The pizza that is :).
Since one needs that password to CHAPinate, would you care if it was bare
text stored ACL'd on the LDAP server?
I've had it working this way against ICRadius, but never completed that
project. It was quite an ugly hack at best, but the underlying pain in
the neck was that to make the CHAP compares work, you start with the plain
text password and go forward, not take and MD5, etc... password and work
any other way.
Possibly I missed the obvious solution, but that was the problem as I saw
it and went onward using clear passwords.
JES
--
James B. MacLean macleajb at ednet.ns.ca
Department of Education http://www.ednet.ns.ca/~macleajb
Nova Scotia, Canada
B3M 4B2
More information about the pptp-server
mailing list