Re: PAP authentication server names

To: David Wright <D.Wright@open.ac.uk>
Cc: debian-user@lists.debian.org
Subject: Re: PAP authentication server names
From: "Jens B. Jorgensen" <jjorgens@bdsinc.com>
Date: Thu, 12 Feb 1998 10:15:25 -0600
Message-id: <[🔎] 34E3201D.B98883AC@bdsinc.com>
References: <[🔎] Pine.SOL.3.91.980206171702.15640A-100000@tyne>

The local name is there for completeness. When you're using it for dial-out it's
very important, especially if you dial out to more than one place. You then set
the local name to be used on the pppd command line. For dial-in you could also use
it to set a different set of authentication for different lines. You might use
this to reserve a certain line for certain people. The name which is used for this
is really arbitrary, except perhaps in the sense that pppd uses certain default
values for this name if it isn't specified explicitly on the command line or in
the options files.

David Wright wrote:

> Thanks to Tim, Joost and Carey for the callback suggestions. I guess the
> log contains the server's innocent reflection of the login name (which is
> secret) and to change this would require a change in the way mgetty's
> callback worked. BTW I don't have HANGUP in my man chat, so I guess I'm
> slightly behind the current version.
>
> A related question:
>
> I'm trying to set up PPP with reasonably secure PAP authentication, and
> I'm using AutoPPP in mgetty. I have worked out how to set user= and
> password= at both ends with mgetty/login.config, my pppd command and
> pap-secrets; and the etc/passwd checks it ok.
>
> But I don't really understand how the second field of pap-secrets works
> at all. The file installed by ppp has
>
> # INBOUND
> * os ""
> #OUTBOUND
> os * password
>
> and I added
> pppppppp * password-for-pppppppp
> which works if there's a user pppppppp with password password-for-pppppppp
> on the computer at the other end.
>
> I don't really understand what "os" means in the first line. The
> documentation implies it ought to be the local name, but I don't
> knowingly have anything set to os. And anyway, nothing changes if I
> comment out this line.
>
> On the other hand, I've had no success at making a connection if my added
> line has anything other than * in the second field. I've tried
> appropriate hostnames and usernames in
> that position, and I've also tried putting foo there and adding
> remotename foo to the pppd command line but if it's not * then no PAP is
> sent from this end.
>
> What do other people have in their pap-secrets? (without revealing any
> real secrets!)

--
Jens B. Jorgensen
jjorgens@bdsinc.com



--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

References:
- PAP authentication server names
  - From: David Wright <D.Wright@open.ac.uk>

Prev by Date: Re: Debian on laptops; recommended?
Next by Date: Re: smail, HELO hostname without dot
Previous by thread: PAP authentication server names
Next by thread: smail, HELO hostname without dot
Index(es):
- Date
- Thread