[pptp-server] PPTP masquerade && MS non-compliance
Charlie Brady
charlieb at e-smith.com
Fri Jun 22 15:51:22 CDT 2001
On Fri, 22 Jun 2001, Jamin Collins wrote:
> Charlie Brady [mailto:charlieb at e-smith.com] wrote:
> > The same argument would apply to any other machine doing the
> > routing. That machine cannot control the authorization of
> > additional connections.
>
> Since when can a machine not control whether or not a connection is
> authorized?

The remote PPTP server does not delegate to some intermediate machine
which clients can connect to it through a multiplexed connection. That
intermediate machine can indeed control whether or not a connection is
authorized, but only by its (the intermediate machine's) policies, not by
the policies of the remote PPTP server.

> > I'm unaware of any extended authorization mechanisms which
> > are supported by the PPTP protocol.
>
> It doesn't need to be PPTP that controls the authentication. The machine
> that would be controlling the routing would control whether the connection
> was allowed or not.

But the remote PPTP server has not delegated those
authentication/authorization functions to the machine controlling the
routing.

If you have a solution to the problem which does not violate the existing
RFC, by all means go ahead and implement it. I don't think it is possible,
nor desirable, and I agree with Allan that bending and then changing the
rules seems to be a desirable thing to do.
--
Charlie Brady charlieb at e-smith.com
http://www.e-smith.org (development) http://www.e-smith.com (corporate)
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada