
Bug#126406: kppp: Alternative for using noauth as suggested by README



Hello.

On April 22, 2004 19:01, Achim Bohnet wrote:
> I got a laptop with a working modem card working on linux to fix some
> problems.  And realized
>
> 	o noauth is already the default additional pppd option
>
> 	o only possibility (I found) to get kppp to work with
> 	  pap/chap is to suid it to root because kppp writes
> 	  stuff to /etc/ppp/{pap,chap}-secrets (cp,modify,rename AFAIR)
> 	  (looks like worth another bug report)

This is true, as far as I can tell.

> I don't have access to the laptop anymore.  So could you please try if
>
> 'noauth' instead of 'call kppp-options' works if you do
>
> 	dpkg-statoverride --force --add root dip 4754 /usr/sbin/kppp  # permanent
> or
> 	chmod 4754 /usr/sbin/kppp  # until next kppp upgrade
> ?

Unfortunately, this still doesn't work. Even when kppp is 4754 root.dip, 
the pppd doesn't consider kppp's custom "noauth" argument privileged - I 
don't get a connection unless I manually change auth --> noauth 
in /etc/ppp/options.

The solution that works for me is to combine your two ideas:

1) make /usr/bin/kppp 4754 root.dip (so {chap,pap}-secrets can be changed)
2) add /etc/ppp/peers/kppp-options (640 root.dip), containing "noauth"
3) change kppp's default custom pppd argument from "noauth" to "call 
kppp-options"

This works for my PAP/CHAP connection. Unless I've missed something, if we 
implement these three changes, then all that end users need to do to get 
kppp working is add themselves to the dip group, and maybe set 
up /dev/modem. The dialout group is not needed, and /etc/ppp/options is 
not altered.

> I really suspect now that noauth is okay but the suid bit is missing.
> If I miss the trick to get PAP and/or CHAP working with
> only sgid dip, please let me know.

Let me know too... I don't like the idea of making kppp SUID root, but it 
seems necessary. Comments?

BTW, why is ppp only a Recommends? Surely it should be a Depends?

Cheers,
Christopher Martin
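
Added example, not part of the original message: a shell audit of the three-step setup described above. pppd treats an options file read from /etc/ppp/peers via `call` as privileged, so that file's ownership, mode and contents matter as much as the SUID bit on kppp. The function names and the `KPPP_BIN`/`PEERS_FILE` variables are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: audit the kppp/pppd setup from the message (steps 1-3).
# Assumes GNU stat; expected paths and modes are the ones the message gives.

# check_file PATH MODE OWNER:GROUP -> prints a finding, returns 1 on mismatch
check_file() {
    path=$1; want_mode=$2; want_owner=$3
    [ -e "$path" ] || { echo "MISSING  $path"; return 1; }
    got=$(stat -c '%a %U:%G' "$path")
    if [ "$got" != "$want_mode $want_owner" ]; then
        echo "MISMATCH $path: have '$got', want '$want_mode $want_owner'"
        return 1
    fi
    echo "OK       $path ($got)"
}

# peers_file_only_noauth PATH -> succeeds only if the file contains "noauth"
# and no other option (blank lines and # comments are ignored). Any extra
# line would also be read by pppd as a privileged option.
peers_file_only_noauth() {
    [ -r "$1" ] || return 1
    grep -qx 'noauth' "$1" || return 1
    ! grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$1" | grep -qvx 'noauth'
}

# user_in_group USER GROUP -> succeeds if USER is a member of GROUP
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}

# audit_kppp -> runs every check, returns 1 if any of them failed
audit_kppp() {
    bin=${KPPP_BIN:-/usr/bin/kppp}                    # step 1 path; override if needed
    peers=${PEERS_FILE:-/etc/ppp/peers/kppp-options}  # step 2 path
    rc=0
    check_file "$bin" 4754 root:dip || rc=1
    check_file "$peers" 640 root:dip || rc=1
    peers_file_only_noauth "$peers" ||
        { echo "UNEXPECTED options in $peers (want only noauth)"; rc=1; }
    user_in_group "$(id -un)" dip ||
        { echo "NOTE     $(id -un) is not in group dip"; rc=1; }
    return $rc
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then audit_kppp; fi
```

Run it with `--run` as the user who will dial; set `KPPP_BIN=/usr/sbin/kppp` if kppp is installed at the path used in the quoted commands.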


