PPP configuration

Alexander E. Patrakov patrakov at ums.usu.ru
Fri Apr 7 04:09:26 PDT 2006


Randy McMurchy wrote:
> On Fri, 2006-04-07 at 15:08 +0600, Alexander E. Patrakov wrote:
>> I have prepared some configuration notes on 
>> http://wiki.linuxfromscratch.org/blfs/wiki/PPP and I think they should be put 
>> into the book in some form.
> 
> With all due respect and consideration for your normally fine ideas and
> procedure, I must disagree with these instructions. I don't use dial-up,
> would never use it again, and I've never looked at the PPP or WVDial
> pages so I don't know how your instructions compare against these.
> 
> But I am from the school that says embedding unencrypted passwords
> in files on disks, especially in a public directory such as /etc, is
> a 'bad thing'. My opinion is that even embedded encrypted passwords 
> should be avoided.

1) The problem here is that the remote system must be convinced that the dialup 
user really knows a password. There is no option of storing only a hash of it, 
because otherwise pppd will only be able to prove that it knows a hash, not the 
real password.

2) Your comments exactly apply to the rp-pppoe and wvdial packages. They store 
the password in /etc/ppp/{pap,chap}-secrets, because there is no other way to 
tell the password to pppd <= 2.4.1. So my instructions are not worse in this 
aspect :)

There is indeed a way to ask the user for the password every time with ppp >= 
2.4.2, see below.

#!/bin/bash
# Begin /usr/bin/pon

# The use of bash is essential: we rely upon the "echo" being a builtin
# so that the password isn't visible through /proc

read -rsp "Password: " PASSWORD
echo "$PASSWORD" | /usr/sbin/pppd call "$@" plugin passwordfd.so passwordfd 0


# End /usr/bin/pon

I will add this to the Wiki if you think this is OK.

-- 
Alexander E. Patrakov
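
The /proc concern named in the script's comment, shown as an added example that is not part of the original post: a secret passed as a command-line argument can be read from /proc/*/cmdline, while one written by a builtin to a pipe cannot. The `consumer` processes are hypothetical stand-ins for pppd, and the secret is constructed at run time.

```shell
#!/bin/sh
# Added example, not from the original post. Linux-only: it reads /proc.
# The secret is constructed at run time, so no process can already hold it.
SECRET="constructed-secret-$$-$(date +%s)"

# argv_exposes STRING: succeed if any process lists STRING in its arguments.
# The pattern reaches grep on stdin; as a grep argument it would itself leak.
argv_exposes() {
    printf '%s\n' "$1" | grep -aqF -f - /proc/[0-9]*/cmdline 2>/dev/null
}

# watch_argv STRING: poll for about a second, succeed as soon as it appears.
watch_argv() {
    n=0
    while [ "$n" -lt 10 ]; do
        argv_exposes "$1" && return 0
        sleep 0.1
        n=$((n + 1))
    done
    return 1
}

# Stand-in for giving the password to an external program as an argument,
# which is what a non-builtin echo or a command-line password would do.
exposed_as_argument() {
    s="$SECRET-arg"
    /bin/sh -c 'sleep 2; :' consumer "$s" >/dev/null 2>&1 &
    watch_argv "$s"
}

# The pattern used in /usr/bin/pon: the builtin echo writes to a pipe and the
# consumer (stand-in for pppd with "passwordfd 0") reads the secret on stdin.
exposed_via_stdin() {
    s="$SECRET-stdin"
    echo "$s" | /bin/sh -c 'sleep 2; cat' consumer >/dev/null 2>&1 &
    watch_argv "$s"
}

exposed_as_argument && echo "argument: visible in /proc/*/cmdline"
exposed_via_stdin   || echo "stdin:    not visible in /proc/*/cmdline"
```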


