Bug#126406: kppp: Alternative for using noauth as suggested by README

To: Ernst Kloppenburg <ernst.kloppenburg@gmx.de>
Cc: Dominique Devriese <dominique.devriese@student.kuleuven.ac.be>, 126406@bugs.debian.org
Subject: Bug#126406: kppp: Alternative for using noauth as suggested by README
From: Achim Bohnet <ach@mpe.mpg.de>
Date: Fri, 23 Apr 2004 01:01:52 +0200
Message-id: <[🔎] 200404230101.52383.ach@mpe.mpg.de>
Reply-to: Achim Bohnet <ach@mpe.mpg.de>, 126406@bugs.debian.org
In-reply-to: <[🔎] 20040422053637.GA3990@rechner4.zuhause.de>
References: <[🔎] E1BDqpY-0000z2-00@rechner4.zuhause.de> <[🔎] 200404210029.54631.ach@mpe.mpg.de> <[🔎] 20040422053637.GA3990@rechner4.zuhause.de>

On Thursday 22 April 2004 07:36, Ernst Kloppenburg wrote:
> On Wed, Apr 21, 2004 at 00:29:54 +0200, Achim Bohnet wrote:
> > 
> > FWIW here's my alternative:
> > to avoid setting noauth in /etc/peer/options I use
> > 
> > allee[0] ~ # cat /etc/ppp/peers/kppp-options
> > noauth
> > 
> > and added 'call kppp-options' to kppps 'Customize pppd arguments'
> > option.
> > 
> > I assume that it would not be compilicated to patch kppp to
> > add 'call kppp-options' as default for new connections and
> > include the simple /etc/ppp/peers/kppp-option to the kppp pkg.
> > 
> 
> yes, this seems to be the real solution. Better than any advice in a
> README. Who would make the change?

Well, pkgs maintainer always get a copy if one CC <bug-#@b.d.o> ;)

I got a laptop with a working modem card working on linux to fix some
problems.  And realized

	o noauth is already the default additional pppd option

	o only possibility (I found) to get kpp to work with
	  pap/chap is to suid it to root because kppp writes
	  stuff to /etc/ppp/{pap,chap}-secrets (cp,modify,rename AFIAR)
	  (looks like worth another bug report)

I don't have access to the laptop anymore.  So could you please try if

'noauth' instead of 'call kppp-options' works if you do

	dpkg-statoverride --force --add  root 4754 root dip /usr/sbin/kppp # permanent
or
	chmod 4754 /usr/sbin/kppp  # until next kppp upgrade
?

At least here in Germany all ISP require either PAP or CHAP
authentification (guess somewhere else too) and this makes
kppp unusable as it is now (kppp in 2.* was setuid root AFAIR
and 2.* was done by Ivan who also wrote the README.  Hmm..., aaahhh
http://lists.debian.org/debian-kde/2003/debian-kde-200303/msg00339.html
http://lists.debian.org/debian-kde/2003/debian-kde-200303/msg00316.html
http://lists.debian.org/debian-kde/2003/debian-kde-200310/msg00076.html
;)

I really suspect now that noauth okay but suid bit is missing.
If I miss the trick to the get PAP and/or CHAP working with
only sgid dip, please let me know.

Achim
P.S. When suid root is the route to go I would vote to keep
    'noauth' instead of my 'call kppp-options' because it more secure.

> 
> E. Kloppenburg
> 
> -- 
> Ernst Kloppenburg
> Stuttgart, Germany
> 
> 
> 

-- 
  To me vi is Zen.  To use vi is to practice zen. Every command is
  a koan. Profound to the user, unintelligible to the uninitiated.
  You discover truth everytime you use it.
                                      -- reddy@lion.austin.ibm.com

Reply to:

Follow-Ups:
- Bug#126406: kppp: Alternative for using noauth as suggested by README
  - From: Christopher Martin <christopher.martin@utoronto.ca>

References:
- Bug#126406: kppp: Alternative for using noauth as suggested by README
  - From: Ernst Kloppenburg <ernst.kloppenburg@gmx.de>
- Bug#126406: kppp: Alternative for using noauth as suggested by README
  - From: Achim Bohnet <ach@mpe.mpg.de>
- Bug#126406: kppp: Alternative for using noauth as suggested by README
  - From: Ernst Kloppenburg <ernst.kloppenburg@gmx.de>

Prev by Date: Processed: tagging
Next by Date: Bug#242519: Workaround
Previous by thread: Bug#126406: kppp: Alternative for using noauth as suggested by README
Next by thread: Bug#126406: kppp: Alternative for using noauth as suggested by README
Index(es):
- Date
- Thread