[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

ppp security problem?


I just removed and reinstalled ppp and ppp-pam to check this problem
wasn't caused by me modifying the configuration. The pap-secrets file
claims that the options file should have the login option enabled or
users will be able to login without a password. The options file does
not have the option enabled. The options file does claim that mgetty
provides this option. It seems like the descriptions need to be changed
or there is a security problem. Any comments before I file a bug?

# ATTENTION: The definitions here can allow users to login without a
# password if you dont use the login option of pppd!
# The /etc/ppp/options file installed has the login option enabled

# Use the system password database for authenticating the peer using
# PAP. Note: mgetty already provides this option. If this is specified
# then dialin from users using a script under Linux to fire up ppp wont work.
# login

Lee Bradshaw                 lee@sectionIV.com (preferred)
Alantro Communications       lee@alantro.com

Reply to: