[pptp-server] Authenticating using CHAP and PAM
Christopher Tresco
ctresco at mit.edu
Thu Apr 5 09:13:39 CDT 2001
duh..
http://linus.yi.org
Sorry.
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Christopher
> Tresco
> Sent: Thursday, April 05, 2001 10:11 AM
> To: AJ Ostergaard; Michael Lantzen; pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] Authenticating using CHAP and PAM
>
>
> You need to goto http://linux.yi.org and read up...
>
>
>
>
> > -----Original Message-----
> > From: pptp-server-admin at lists.schulte.org
> > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of AJ Ostergaard
> > Sent: Thursday, April 05, 2001 9:21 AM
> > To: Michael Lantzen; pptp-server at lists.schulte.org
> > Subject: Re: [pptp-server] Authenticating using CHAP and PAM
> >
> >
> > Thanks for that. I'll start getting samba installed right away
> but I can't
> > fathom what the entry that links chap-secrets to smbpasswd would
> > look like.
> > Aren't the entries in smbpasswd encrypted? If so can CHAP use them?
> >
> > AJ
> >
> > ----- Original Message -----
> > From: "Michael Lantzen" <lantzen at alife.de>
> > To: "AJ Ostergaard" <ostergaard at cubbyhole.net>;
> > <pptp-server at lists.schulte.org>
> > Sent: Thursday, April 05, 2001 2:07 PM
> > Subject: Re: [pptp-server] Authenticating using CHAP and PAM
> >
> >
> > > I just asked the same yesterday. The only way to go is to use samba to
> > > mirror the passwords onto the linux box and put an entry into the
> > > chap-secrets that links to the smbpasswd. As far as i know
> > thats the only
> > > way to currently get the functionality you want and not having the
> > > passwords unencrypted in any place.
> > >
> > > bye
> > > Michael
> > > At 12:07 05.04.2001 +0100, AJ Ostergaard wrote:
> > > >Hello all,
> > > >
> > > >I am trying to set-up a secure VPN for remote users to access our
> > internal
> > > >networks and have everything working in terms of MPPE, PAP,
> > CHAP, PPP to
> > > >PAM, PAM to NT etc. but:
> > > >
> > > >Correct me if I'm wrong but PPP invokes PAM (and thus NT) only
> > when using
> > > >PAP. PAP is far from secure as it sends password over net in
> > plaintext so
> > my
> > > >users NT passwords would be floating around. Also if I use
> PAP I can't
> > have
> > > >MPPE.
> > > >
> > > >Thus if I want an encrypted VPN I need to use MSCHAPv2 (fine
> as clients
> > are
> > > >all W2k) but then I can't authenticate against NT.
> > > >
> > > >There are two reasons I want to authenticate against NT.
> > Firstly I don't
> > > >want another place to have to administer usernames and passwords.
> > Secondly I
> > > >don't want a file with my users plaintext passwords lying around.
> > > >
> > > >As far as I can tell MSCHAP needs the secret to be in the
> chap-secrets
> > file.
> > > >I guess this is because the CHAP algorithm needs access to the secret
> > > >string? If so I am in a lose/lose situation.
> > > >
> > > >Does any of this make sense?
> > > >
> > > >Comments?
> > > >
> > > >Thanks,
> > > >AJ
> > > >
> > > >99 little bugs in the code, 99 bugs in the code,
> > > > fix one bug, compile it again...
> > > > 101 little bugs in the code....
> > > >
> > > >_______________________________________________
> > > >pptp-server maillist - pptp-server at lists.schulte.org
> > > >http://lists.schulte.org/mailman/listinfo/pptp-server
> > > >List services provided by www.schulteconsulting.com!
> >
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
More information about the pptp-server
mailing list