Implementing limitations on dial-in PPP

To: <debian-user@lists.debian.org>
Subject: Implementing limitations on dial-in PPP
From: "Joe Emenaker" <jemenake@calpoly.edu>
Date: Tue, 29 Oct 1996 03:32:06 -0800
Message-id: <"NvgBg1.0.HS6.lxUTo"@master.debian.org>

Now that I've got dial-in PPP working, I was wondering if anyone has
implemented any ways of limiting how clients can connect with it. In
particular, I'd like to:
- Limit how many simultaneous PPP sessions a user is running (to keep them
from buying one account and letting 12 friends browse the web with one
id/password pair).
- Put time limits on PPP sessions. For example, 4 hours and then you get
booted off.

I figure both of these are fairly easy to do with a wrapper that would be
executed at login and would decide whether or not to run pppd or to boot
the user off. I just wanted to know if anyone's already done it.

Something else I was interested in was being able to limit particular users
to only the site they dialed into (ie, no proxyarp). However, the method
for doing this suggested in most of the HOWTO's and examples I've seen
suggest putting this in a .ppp file in the user's directory. This seems
terribly insecure to me, since the user could either edit the file or (if
it's read-only) delete it (since they have write access to their own
directory) and write a new one.

I seem to recall that pppd accepts putting the name of the options file on
the command line, so, I could apparently just have two options files, one
called "limited-access" and one called "full-access" and have the wrapper
figure out which one to access.

- Joe

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to:

Prev by Date: Re: packages install
Next by Date: Example dial script for diald to call ppp PLEASE
Previous by thread: Re: compatibility problem with bash?
Next by thread: Example dial script for diald to call ppp PLEASE
Index(es):
- Date
- Thread