Re: Problem dialing in w/AutoPPP/PAP! Help!

To: Sergio Talens-Oliag <sto@ivia.es>
Cc: Philip Hands <phil@hands.com>, debian-user@lists.debian.org
Subject: Re: Problem dialing in w/AutoPPP/PAP! Help!
From: Jeff Noxon <jeff@planetfall.com>
Date: Mon, 26 Jan 1998 13:53:01 -0600
Message-id: <[🔎] 19980126135301.60576@mystic>
In-reply-to: <[🔎] 19980126195917.48410@master>; from Sergio Talens-Oliag on Mon, Jan 26, 1998 at 07:59:17PM +0100
References: <[🔎] 16098.884858320@hands.com> <[🔎] 19980126195917.48410@master>

I started this whole thread, so I might as well chime in now.  :-)

On Mon, Jan 26, 1998 at 07:59:17PM +0100, Sergio Talens-Oliag wrote:
> On Thu, Jan 15, 1998 at 09:58:40AM +0000, Philip Hands wrote:
> > > I can verify that turning off shadow passwords fixes the PAP problem.
> > > This is unacceptable.  And it's already reported in bug 16044.  Oh well. 
> 
>   I've found the problem and it's really a silly thing: the binary
> package for ppp_2.3.2-2.deb is compiled without HAS_SHADOW. I've
> rebuilt it changing the file debian/rules adding 'HAS_SHADOW=1' to the
> second make (no PAM support):
> 
>   build:
>         $(checkdir)
>         ./configure
>         make USE_PAM=1
>         mv pppd/pppd pppd/pppd-pam
>         rm pppd/auth.o
>  >      make HAS_SHADOW=1
>         touch build
> 
> And it worked using pap-secrets:
> 
> * hostname "" *

FYI, I'm using lines like:

jeff	*	""	*
steve	*	""	*
tom	*	""	*

Since I don't want all my accounts to be PPP-able.

> It doesn't work without the leading * (maybe it's a bug in the
> pap-secrets parser, but it's not a real problem).

I don't think that's a bug.  I think the format is:

<username> <hostname or asterisk> "<password>" <ip address?>

> I don't know if a ppp-shadow package will be needed or if there's
> another way to build a debian package usable for SHADOW and not SHADOW
> systems (i've started with debian development only to see what
> happended with the ppp daemon, i'm sure that Phil should have the
> answer, but as he states, maybe PAM support is the way to do it).

I think the is the fundamental problem.  You can't have it both ways
without two different packages.  *BUT* the PAM version *should* work
both ways.  IMHO there should only be a PAM version.  Make that one work,
and forget the rest.  Is there a reason NOT to use PAM?

When I turned off Shadow to make PPP work, it broke checkpassword,
a binary used by Qmail's POP3 daemon.  I applied PAM patches to
checkpassword, and it now functions correctly whether Shadow is enabled
or not.

> > It this the case with ppp-pam installed ?
> 
> Yes, it fails for me, but i haven't used PAM before and i don't know
> where is the problem. If time permits i'll try to find the bug in the
> code.

Since I have PAM working with checkpassword, I don't know why it isn't
working with PPP.

> > I'd be interested to hear how people get on with PAM, since I don't use PAP 
> > for dial-in, so have trouble testing it.
> > 
> > BTW I'm hoping to get pppd to be able to detect the presence of libpam at 
> > run-time, and so get rid of the ppp-pam package in the future.
> 
> Phil, I'm able to test the PAP/PAM combo for dial-in easily, so if you
> want me to test any code just tell me.

Has anyone made PAM work with PPP?

Thanks

Jeff


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Follow-Ups:
- Re: Problem dialing in w/AutoPPP/PAP! Help!
  - From: Sergio Talens-Oliag <sto@ivia.es>

References:
- Re: Problem dialing in w/AutoPPP/PAP! Help!
  - From: Philip Hands <phil@hands.com>
- Re: Problem dialing in w/AutoPPP/PAP! Help!
  - From: Sergio Talens-Oliag <sto@ivia.es>

Prev by Date: Re: [lesspipe]
Next by Date: Re: fdformat
Previous by thread: Re: Problem dialing in w/AutoPPP/PAP! Help!
Next by thread: Re: Problem dialing in w/AutoPPP/PAP! Help!
Index(es):
- Date
- Thread