[pptp-server] RE: PAM is a very bad fit for pppd
Vladimir Strezhnev
vlast at indivisuallearning.com
Fri Nov 30 11:13:11 CST 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Steve,
Could you (or anybody on the list) explain more specifically why it is so.
We're using ppp pam module on Linux dialup server, which (the module) is
configured to authenticate - via pam_winbind.so - on W2K Domain Controller.
All accounts on W2K DC that are not in the embargo file checked by
pam_listfile.so module are able to use dialup.
(It is nothing to do with pptp - just plain dialup ppp with pap
authentication)
Do you think it is insecure and why?
> pppd actually doesn't use PAM at all for this, by default; PAM is a very
> bad fit for pppd, so the upstream source includes its own module API
> that provides hooks for other /PAP/ authenticators.
> Cheers,
> Steve Langasek
> postmodern programmer
- --
VLADIMIR STREZHNEV
System Engineer
IndiVisual Learning, LLC
St. Paul, MN
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
iQA/AwUBPAe+J75tPDt+Qc/uEQLtNACgxSqlzNqG3s0AcsHD9tO93oacZP0AoPI/
7ltVJ9NvQUo6RZPYfpl+FPxs
=XoDx
-----END PGP SIGNATURE-----
More information about the pptp-server
mailing list