KPPP fixes, derived from #126406
Hello,
To deal with the problems users are having configuring KPPP, I've put
together some small patches (based on the ideas, not my own, discussed in
Bug #126406) that should resolve these issues. The patches are attached
to the e-mail I sent to 126406@bugs.debian.org, which for some reason
hasn't been CCed to debian-qt-kde.
There are two distinct problems. KPPP must be SUID root, in order for PAP
and/or CHAP authentication to work, given the way KPPP operates. This is
unavoidable (it creates and moves files around in /etc/ppp). I've set
kppp to be 4754 root.dip (the same permissions as pppd), so membership in
the dip group is still needed to execute kppp.
Even when SUID, however, the custom pppd argument "noauth" doesn't
actually seem to have an effect, for some odd reason, and setting
"noauth" is necessary. Since having users edit /etc/ppp/options is bad
and cumbersome, I've added a work-around, /etc/ppp/peers/kppp-options,
which contains the string "noauth", and which is used by giving kppp the
default custom pppd argument "call kppp-options". When done this way, the
noauth option actually takes effect.
Also, I've elevated ppp from a Recommends to a dependency, since many
(most? all?) dial-up connections will need it, and this keeps things easy
and simple for users. Finally, I've removed the segment of documentation
which instructed users to modify /etc/ppp/options.
With these changes, KPPP should "just work" without any mucking around
whatsoever, except for configuration of the modem itself (symlinks, dev
node creation if necessary, etc.).
Christopher Martin
Reply to: