Re: Problem dialing in w/AutoPPP/PAP! Help!
I started this whole thread, so I might as well chime in now. :-)
On Mon, Jan 26, 1998 at 07:59:17PM +0100, Sergio Talens-Oliag wrote:
> On Thu, Jan 15, 1998 at 09:58:40AM +0000, Philip Hands wrote:
> > > I can verify that turning off shadow passwords fixes the PAP problem.
> > > This is unacceptable. And it's already reported in bug 16044. Oh well.
>
> I've found the problem and it's really a silly thing: the binary
> package for ppp_2.3.2-2.deb is compiled without HAS_SHADOW. I've
> rebuilt it changing the file debian/rules adding 'HAS_SHADOW=1' to the
> second make (no PAM support):
>
> build:
> $(checkdir)
> ./configure
> make USE_PAM=1
> mv pppd/pppd pppd/pppd-pam
> rm pppd/auth.o
> > make HAS_SHADOW=1
> touch build
>
> And it worked using pap-secrets:
>
> * hostname "" *
FYI, I'm using lines like:
jeff * "" *
steve * "" *
tom * "" *
Since I don't want all my accounts to be PPP-able.
> It doesn't work without the leading * (maybe it's a bug in the
> pap-secrets parser, but it's not a real problem).
I don't think that's a bug. I think the format is:
<username> <hostname or asterisk> "<password>" <ip address?>
> I don't know if a ppp-shadow package will be needed or if there's
> another way to build a debian package usable for SHADOW and not SHADOW
> systems (i've started with debian development only to see what
> happended with the ppp daemon, i'm sure that Phil should have the
> answer, but as he states, maybe PAM support is the way to do it).
I think the is the fundamental problem. You can't have it both ways
without two different packages. *BUT* the PAM version *should* work
both ways. IMHO there should only be a PAM version. Make that one work,
and forget the rest. Is there a reason NOT to use PAM?
When I turned off Shadow to make PPP work, it broke checkpassword,
a binary used by Qmail's POP3 daemon. I applied PAM patches to
checkpassword, and it now functions correctly whether Shadow is enabled
or not.
> > It this the case with ppp-pam installed ?
>
> Yes, it fails for me, but i haven't used PAM before and i don't know
> where is the problem. If time permits i'll try to find the bug in the
> code.
Since I have PAM working with checkpassword, I don't know why it isn't
working with PPP.
> > I'd be interested to hear how people get on with PAM, since I don't use PAP
> > for dial-in, so have trouble testing it.
> >
> > BTW I'm hoping to get pppd to be able to detect the presence of libpam at
> > run-time, and so get rid of the ppp-pam package in the future.
>
> Phil, I'm able to test the PAP/PAM combo for dial-in easily, so if you
> want me to test any code just tell me.
Has anyone made PAM work with PPP?
Thanks
Jeff
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: