[pptp-server] PPTP masquerade && MS non-compliance

Charlie Brady charlieb at e-smith.com
Fri Jun 22 15:51:22 CDT 2001


On Fri, 22 Jun 2001, Jamin Collins wrote:

> Charlie Brady [mailto:charlieb at e-smith.com] wrote:
> > The same argument would apply to any other machine doing the
> > routing. That machine cannot control the authorization of
> > additional connections.
>
> Since when can a machine not control whether or not a connection is
> authorized?

The remote PPTP server does not delegate to some intermediate machine
which clients can connect to it through a multiplexed connection. That
intermediate machine can indeed control whether or not a connection is
authorized, but only by its (the intermediate machine's) policies, not by
the policies of the remote PPTP server.

> > I'm unaware of any extended authorization mechanisms which
> > are supported by the PPTP protocol.
>
> It doesn't need to be PPTP that controls the authentication.  The machine
> that would be controlling the routing would control whether the connection
> was allowed or not.

But the remote PPTP server has not delegated those
authentication/authorization functions to the machine controlling the
routing.

If you have a solution to the problem which does not violate the existing
RFC, by all means go ahead and implement it. I don't think it is possible,
nor desirable, and I agree with Allan that bending and then changing the
rules seems to be a desirable thing to do.

-- 

  Charlie Brady                         charlieb at e-smith.com
  http://www.e-smith.org (development)  http://www.e-smith.com (corporate)
  Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
  e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada





