[pptp-server] Authenticating using CHAP and PAM

Christopher Tresco ctresco at mit.edu
Thu Apr 5 09:10:40 CDT 2001


You need to go to http://linux.yi.org and read up...




> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of AJ Ostergaard
> Sent: Thursday, April 05, 2001 9:21 AM
> To: Michael Lantzen; pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Authenticating using CHAP and PAM
>
>
> Thanks for that. I'll start getting samba installed right away but I can't
> fathom what the entry that links chap-secrets to smbpasswd would
> look like.
> Aren't the entries in smbpasswd encrypted? If so can CHAP use them?
>
> AJ
>
> ----- Original Message -----
> From: "Michael Lantzen" <lantzen at alife.de>
> To: "AJ Ostergaard" <ostergaard at cubbyhole.net>;
> <pptp-server at lists.schulte.org>
> Sent: Thursday, April 05, 2001 2:07 PM
> Subject: Re: [pptp-server] Authenticating using CHAP and PAM
>
>
> > I just asked the same yesterday. The only way to go is to use samba to
> > mirror the passwords onto the linux box and put an entry into the
> > chap-secrets that links to the smbpasswd. As far as I know that's the only
> > way to currently get the functionality you want and not having the
> > passwords unencrypted in any place.
> >
> > bye
> > Michael
> > At 12:07 05.04.2001 +0100, AJ Ostergaard wrote:
> > >Hello all,
> > >
> > >I am trying to set up a secure VPN for remote users to access our internal
> > >networks and have everything working in terms of MPPE, PAP, CHAP, PPP to
> > >PAM, PAM to NT etc. but:
> > >
> > >Correct me if I'm wrong but PPP invokes PAM (and thus NT) only when using
> > >PAP. PAP is far from secure as it sends password over net in plaintext so my
> > >users' NT passwords would be floating around. Also if I use PAP I can't have
> > >MPPE.
> > >
> > >Thus if I want an encrypted VPN I need to use MSCHAPv2 (fine as clients are
> > >all W2k) but then I can't authenticate against NT.
> > >
> > >There are two reasons I want to authenticate against NT. Firstly I don't
> > >want another place to have to administer usernames and passwords. Secondly I
> > >don't want a file with my users' plaintext passwords lying around.
> > >
> > >As far as I can tell MSCHAP needs the secret to be in the chap-secrets file.
> > >I guess this is because the CHAP algorithm needs access to the secret
> > >string? If so I am in a lose/lose situation.
> > >
> > >Does any of this make sense?
> > >
> > >Comments?
> > >
> > >Thanks,
> > >AJ
> > >
> > >99 little bugs in the code, 99 bugs in the code,
> > >  fix one bug, compile it again...
> > >  101 little bugs in the code....
> > >
> > >_______________________________________________
> > >pptp-server maillist  -  pptp-server at lists.schulte.org
> > >http://lists.schulte.org/mailman/listinfo/pptp-server
> > >List services provided by www.schulteconsulting.com!
>
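
The constraint discussed in this thread, as an added example that is not part of the original messages: it uses standard CHAP with MD5 (RFC 1994), not MS-CHAPv2, to show why an authenticator that holds only a one-way password hash can check PAP but cannot check a CHAP response. The store classes, the user name and the sample password are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_response(ident, secret, challenge):
    # RFC 1994, MD5 algorithm: hash of Identifier || secret || Challenge.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def one_way(password, salt):
    # Stand-in for the salted, non-reversible hash a PAM backend keeps.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)

class HashOnlyStore:
    """Hypothetical PAM-like store: keeps salt and one-way hash only."""
    def __init__(self):
        self.db = {}
    def add(self, user, password):
        salt = os.urandom(16)
        self.db[user] = (salt, one_way(password, salt))
    def check_pap(self, user, password):
        # PAP delivers the password itself, so the server can re-hash it.
        salt, digest = self.db[user]
        return hmac.compare_digest(one_way(password, salt), digest)
    def check_chap(self, user, ident, challenge, response):
        # The expected response needs the secret; the hash cannot yield it.
        return None

class SecretStore:
    """Hypothetical chap-secrets-like store: keeps the secret itself."""
    def __init__(self):
        self.db = {}
    def add(self, user, secret):
        self.db[user] = secret
    def check_chap(self, user, ident, challenge, response):
        expected = chap_response(ident, self.db[user], challenge)
        return hmac.compare_digest(expected, response)

def run_exchange(password=b"constructed-sample-pw"):
    pam, secrets = HashOnlyStore(), SecretStore()
    pam.add("aj", password)
    secrets.add("aj", password)
    ident, challenge = 1, os.urandom(16)                  # authenticator -> peer
    response = chap_response(ident, password, challenge)  # peer -> authenticator
    return {"pap_vs_hash": pam.check_pap("aj", password),
            "chap_vs_hash": pam.check_chap("aj", ident, challenge, response),
            "chap_vs_secret": secrets.check_chap("aj", ident, challenge, response),
            "chap_replay": secrets.check_chap("aj", ident, os.urandom(16), response)}
```
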



