Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19
Anyone good with PPP or PAP?
Results 1 to 6 of 6

Thread: Anyone good with PPP or PAP?

Hybrid View

  1. #1

    Anyone good with PPP or PAP?

    Hello all. I posted something a while back about a dial up password and it seemed no one could help me. I have been looking all over the place and found nothing. I did however come up with this idea. Putting people I want to have access in through the modem line by adding them in /etc/ppp/pap-secrets. (ex. johndoe * passwd * )Also adding the lines require-pap refuse-chap to ppoe-server-options and taking out the login entry. BUT, I can still log in as any user on the system even though I thought I only gave access to johndoe. I just don't get it. I hope someone knows. Thanks in advance.


  2. #2
    Moderator
    Good Guru
    Schotty's Avatar
    Join Date
    Jul 2001
    Location
    Milwaukee, WI
    Posts
    5,760

    Re:Anyone good with PPP or PAP?

    This is a thought, and possibly wayyyy off (in even logic as well). But here it goes.

    Isnt there a file like hosts-deny and hosts-allow that allows you to specify hosts that are allowed/not allowed to connect? what if you setup just the LAN, and your remote PC to be allowed, all else denied? I am wary of this only because, I am not sure if the file requires IP's or hostname, both of which can be overcome by someone who knows their stuff.

    I dunno, its a thought. I suppose this is a project that I should look into. It sounds like I may need something like this in the future. An admin ppp conection is something that may be beneficial.

  3. #3

    Re:Anyone good with PPP or PAP?

    What a great idea Andrew, I didn't try it yet but from what I have found on the net it seems like it will work. I always seem to look over the stuff the is under my nose. I'm gonna put
    ALL:"ip address" in my host.allow and ALL:ALL in my host.deny. Think that will do the trick?

  4. #4

    Re:Anyone good with PPP or PAP?

    Well I must be thinking too much today but this isn't going to work. I wasn walkink back from lunch and said "umm, the serial line has no clue what my ip address is" hence to workie. I think my brain is mush. Got any other thoughts?

  5. #5

    Re:Anyone good with PPP or PAP?

    I'm not sure if this will interest you, but I have seen systems where a user can dial in, is authenticated, the connection is dropped, and the server calls the client machine back on a specific telephone number. This means, that even if I guess your password, I cannot login to the server without using your telephone line. Here is one article that I found:
    http://www.tldp.org/HOWTO/mini/Call-back-2.html
    I don't know if it's the best guide, but google scored a number of hits for "ppp callback server".
    Of course, this is useless if you want to be able to call in from anywhere.

  6. #6
    Moderator
    Good Guru
    Schotty's Avatar
    Join Date
    Jul 2001
    Location
    Milwaukee, WI
    Posts
    5,760

    Re:Anyone good with PPP or PAP?

    [quote author=datamike link=board=4;threadid=4860;start=0#48497 date=1031254540]
    What a great idea Andrew, I didn't try it yet but from what I have found on the net it seems like it will work. I always seem to look over the stuff the is under my nose. I'm gonna put
    ALL:"ip address" in my host.allow and ALL:ALL in my host.deny. Think that will do the trick?
    [/quote]

    whatabout this?

    /edit/
    oh, duh, almost forgot this part --> its a clip from man hosts.allow <

    kinda needed that, otherwise you may be wondering where the hell I grabbed the snippet from ...... I amaze myself sometimes with my stupidity....


    CLIENT USERNAME LOOKUP
    When the client host supports the RFC 931 protocol or one of its descendants (TAP, IDENT, RFC 1413) the wrapper programs
    can retrieve additional information about the owner of a connection. Client username information, when available, is
    logged together with the client host name, and can be used to match patterns like:

    daemon_list : ... user_pattern@host_pattern ...

    The daemon wrappers can be configured at compile time to perform rule-driven username lookups (default) or to always
    interrogate the client host. In the case of rule-driven username lookups, the above rule would cause username lookup
    only when both the daemon_list and the host_pattern match.

    A user pattern has the same syntax as a daemon process pattern, so the same wildcards apply (netgroup membership is not
    supported). One should not get carried away with username lookups, though.

    o The client username information cannot be trusted when it is needed most, i.e. when the client system has been
    compromised. In general, ALL and (UN)KNOWN are the only user name patterns that make sense.

    o Username lookups are possible only with TCP-based services, and only when the client host runs a suitable daemon;
    in all other cases the result is "unknown".

    o A well-known UNIX kernel bug may cause loss of service when username lookups are blocked by a firewall. The wrap-
    per README document describes a procedure to find out if your kernel has this bug.

    o Username lookups may cause noticeable delays for non-UNIX users. The default timeout for username lookups is 10
    seconds: too short to cope with slow networks, but long enough to irritate PC users.

    Selective username lookups can alleviate the last problem. For example, a rule like:

    daemon_list : @pcnetgroup ALL@ALL

    would match members of the pc netgroup without doing username lookups, but would perform username lookups with all other
    systems.

Similar Threads

  1. SP2: is it good for go ??
    By Larry in forum Windows - General Topics
    Replies: 2
    Last Post: 12-12-2004, 08:27 PM
  2. a good os for me ol 486!
    By cj171 in forum Linux - General Topics
    Replies: 13
    Last Post: 07-17-2002, 04:05 PM
  3. How good is the G4??
    By thor4linux in forum Linux Distros
    Replies: 4
    Last Post: 07-12-2002, 04:01 AM
  4. What MB is a good one ??
    By Compunuts in forum Linux - Hardware, Networking & Security
    Replies: 18
    Last Post: 05-04-2002, 03:23 AM
  5. What MB is a good one ??
    By Compunuts in forum General Chat
    Replies: 2
    Last Post: 04-29-2002, 08:26 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •