[pptp-server] Authenticating using CHAP and PAM

AJ Ostergaard ostergaard at cubbyhole.net
Thu Apr 5 08:20:39 CDT 2001


Thanks for that. I'll start getting Samba installed right away but I can't
fathom what the entry that links chap-secrets to smbpasswd would look like.
Aren't the entries in smbpasswd encrypted? If so, can CHAP use them?

AJ

----- Original Message -----
From: "Michael Lantzen" <lantzen at alife.de>
To: "AJ Ostergaard" <ostergaard at cubbyhole.net>;
<pptp-server at lists.schulte.org>
Sent: Thursday, April 05, 2001 2:07 PM
Subject: Re: [pptp-server] Authenticating using CHAP and PAM


> I just asked the same yesterday. The only way to go is to use Samba to
> mirror the passwords onto the Linux box and put an entry into the
> chap-secrets that links to the smbpasswd. As far as I know that's the only
> way to currently get the functionality you want and not having the
> passwords unencrypted in any place.
>
> bye
> Michael
> At 12:07 05.04.2001 +0100, AJ Ostergaard wrote:
> >Hello all,
> >
> >I am trying to set up a secure VPN for remote users to access our internal
> >networks and have everything working in terms of MPPE, PAP, CHAP, PPP to
> >PAM, PAM to NT etc. but:
> >
> >Correct me if I'm wrong but PPP invokes PAM (and thus NT) only when using
> >PAP. PAP is far from secure as it sends password over net in plaintext so my
> >users' NT passwords would be floating around. Also if I use PAP I can't have
> >MPPE.
> >
> >Thus if I want an encrypted VPN I need to use MSCHAPv2 (fine as clients are
> >all W2k) but then I can't authenticate against NT.
> >
> >There are two reasons I want to authenticate against NT. Firstly I don't
> >want another place to have to administer usernames and passwords. Secondly I
> >don't want a file with my users' plaintext passwords lying around.
> >
> >As far as I can tell MSCHAP needs the secret to be in the chap-secrets file.
> >I guess this is because the CHAP algorithm needs access to the secret
> >string? If so I am in a lose/lose situation.
> >
> >Does any of this make sense?
> >
> >Comments?
> >
> >Thanks,
> >AJ
> >
> >99 little bugs in the code, 99 bugs in the code,
> >  fix one bug, compile it again...
> >  101 little bugs in the code....
> >
> >_______________________________________________
> >pptp-server maillist  -  pptp-server at lists.schulte.org
> >http://lists.schulte.org/mailman/listinfo/pptp-server
> >List services provided by www.schulteconsulting.com!
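
Added example, not part of the original thread or of pppd/Samba code: a sketch of the plain CHAP computation from RFC 1994 (MD5 over identifier, secret and challenge), showing why the server must hold the exact secret the client uses and what changes when only a hash is stored. The password, the salted-hash scheme and the SHA-256 "hash as secret" variant are constructed stand-ins for illustration; they are not the algorithms MS-CHAP or smbpasswd use.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(identifier octet || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def server_verify(identifier: int, stored: bytes, challenge: bytes,
                  response: bytes) -> bool:
    """The server recomputes the response from whatever value it has stored."""
    expected = chap_response(identifier, stored, challenge)
    return hmac.compare_digest(expected, response)


def demo():
    password = b"constructed-example-password"  # constructed sample value
    identifier, challenge = 1, os.urandom(16)
    response = chap_response(identifier, password, challenge)

    # Case 1: server keeps the plaintext secret (a chap-secrets style entry).
    plaintext_ok = server_verify(identifier, password, challenge, response)

    # Case 2: server keeps only a salted one-way hash (Unix/PAM style).
    # It cannot recompute the client's response, so verification fails.
    salt = os.urandom(8)
    salted = hashlib.sha256(salt + password).digest()
    salted_ok = server_verify(identifier, salted, challenge, response)

    # Case 3: client and server both use an unsalted hash of the password
    # as the CHAP secret. No plaintext is on disk, but the stored hash is
    # now password-equivalent and the file needs the same protection.
    pw_hash = hashlib.sha256(password).digest()
    hashed_response = chap_response(identifier, pw_hash, challenge)
    hash_secret_ok = server_verify(identifier, pw_hash, challenge,
                                   hashed_response)

    return plaintext_ok, salted_ok, hash_secret_ok


if __name__ == "__main__":
    print(demo())
```

Case 3 is the only arrangement in which a hashed password file can back a challenge-response scheme, and it only works when the client derives the same hash before responding.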



