Re: RAS on an NT box.

[Philip Hands <phil@hands.com>]

> > You need to enable ms_chap in PPP --- see README.MSCHAP80
> 
> Thanks...read it. Is there any reason, besides the libraries that this
> hasn't been simply built into our standard ppp package?

Not that I've noticed.

> How much bigger does it get if you static link libpam and libdes?

I thought that was considered a Bad Thing.

There is really no need for PAM on the boot disks, since this is only required 
when running PPP at the server end, for authenticating logins.

The MSCHAP thing only seems to need libcrypt, which is part of libc6 anyway 
(and so presumably is on the base disks), so I probably only need to exclude 
the pam stuff from the cut down version.

I suppose that if ISP's are going to start using MSCHAP, then the boot disks 
need to support it, so that people can log on to do an install.  Is this 
actually happening ?

It seems from the README.MSCHAP80 that NT RAS can be configured to accept real 
CHAP rather than insisting on only accepting MSCHAP.  It might be better to 
mention that this option is available, and that the Microsoft tweaks don't 
provide any extra security, rather than helping to propagate their FUD.

Personally, I'd rather not encourage the use of M$ warm-and-cuddly 
``security'' software, but if people are actually being prevented from 
installing Debian, I guess we'll have to :-(

Cheers, Phil.



--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .