[pptp-server] Windows sends "\\" in the login - chap-secrets

Neale Banks neale at lowendale.com.au
Tue May 15 17:24:57 CDT 2001


On Tue, 15 May 2001, Jose de Paula E. Junior wrote:

> I'm using poptop in my ISP, and I have 120 clients using the system 
> right now. Poptop is doing fine the job.
> 
> But, sometimes, the windows clients start to send a \\ before the login, 
> and the client can't connect (no MSCHAP found for authenticating 
> \\client...)
> 
> Somebody see this happening? Solutions?

As has been pointed out, this is a known "challenge" and there are patches
around to strip this cruft (sorry, don't have a pointer at hand).

> And about chap-secrets, the pppd can only authenticate using this file? 
> It's really hard to make programs that manipulate the chap-secrets, and 
> my clients want to change passwords and things like this via a web 
> interface or something like that...

With CHAP, the absolute requirement is that the CHAP routines have the
plaintext password available - as you've pointed out pppd's out-of-the-box
answer to this is the chap-secrets file.  It's also a Good Idea to protect
these plaintexts from prying eyes ;-)

In theory, you should be able to substitute any other mechanism (obviously
paying due respect to security) so long as it returns said plaintext
password.  Whilst conventional PAM is not an answer (AFAIK it returns
success or failure rather than the password) it looks to me that it should
be possible to write what might be called "Pluggable Chap Modules" - each
module having a different back-end access to the plaintext.

HTH,
Neale.




More information about the pptp-server mailing list