Restricting use

"liberty" (liberty@netport.net)
Fri, 5 Nov 1999 12:55:17 -0800


Hi Gert,
Thanks for a great program.
Perhaps you can offer me some advice:
My setup is as follows;
1. Linux-Mandrake 6.1 ...kernel 2.2.13
2. pppd 2.3.10 (had to recompile it to get wtmp/utmp to see user names properly with a "who",
    otherwise I just got "a_ppp" as all users).
3. mgetty 1.1.14
4. /etc/ppp/options =
    auth
    login
    crtscts
    require-pap
    refuse-chap
    modem
    defaultroute
    asyncmap 0
    mru 542
    mtu 542
    netmask 255.255.255.0
    ms-dns x.x.x.x
    idle 9600
    lock
5. /etc/ppp/pap-secrets
    *    *    ""    *
6. /etc/ppp/options.ttyCx
    192.168.1.1:192.168.1.xxx
7. /etc/inittab
    a1:345:respawn:/sbin/mgetty -n 1 -D /dev/ttyCx 115200
8. Shadow passwords.

All this seems to work fine, although I'm not sure if I have too much or too little in /etc/options (please advise).

What I need to add is a way to allow dial-in access only to certain users. Can I make pppd owned by a group like "pppusers" and add those allowed users to this group, thereby disallowing those users not in the group "pppusers" to gain dial-in access?
Is there a better way for this?
In other words, I want to allow some users dial-in access and not others. I guess I could do this with /etc/pap-secrets but then the passwords are not as secure.
Thanks again,
Keith
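
An added example, not part of Keith's message and not code from pppd or mgetty: with the `login` option, pppd requires a peer to have an entry in pap-secrets as well as in the system password database, so replacing the wildcard client `*` with one line per allowed user restricts dial-in while the secret stays `""` and passwords stay in the shadow file. The sketch generates those lines from a group's member list; the group name `pppusers` is from the message, while the function names and the sample group data are constructed for illustration.

```shell
#!/bin/sh
# gen_pap_secrets GROUP GROUPFILE
# Prints one pap-secrets line per listed member of GROUP:
#   client  server  secret  allowed-addresses
# With pppd's "login" option the secret "" leaves the password check to the
# system password database, so no password is stored in pap-secrets.
# Limitation: only members listed in the group file are seen, not users
# whose primary group (in /etc/passwd) is GROUP.
gen_pap_secrets() {
    group=$1
    groupfile=$2
    # /etc/group fields: name:password:gid:member1,member2,...
    members=$(awk -F: -v g="$group" '$1 == g { print $4 }' "$groupfile")
    [ -n "$members" ] || return 1   # unknown or empty group: emit nothing
    printf '%s\n' "$members" | tr ',' '\n' | while IFS= read -r user; do
        case $user in
            ''|*[!A-Za-z0-9._-]*)
                # Refuse wildcards, quotes and whitespace: a stray "*" here
                # would re-open access to every system account.
                echo "skipping unsafe name: $user" >&2
                continue ;;
        esac
        printf '%s\t*\t""\t*\n' "$user"
    done
}

# Constructed sample in /etc/group format (not real accounts).
sample_group_file() {
    cat <<'EOF'
users:x:100:keith,alice,bob,carol
pppusers:x:510:keith,alice
EOF
}

# Runs the generator over the constructed sample and prints the entries.
demo() {
    tmp=$(mktemp) || return 1
    sample_group_file > "$tmp"
    gen_pap_secrets pppusers "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

demo
```

The generated lines take the place of the `*    *    ""    *` entry in /etc/ppp/pap-secrets; an account outside the group then fails PAP even with a valid system password.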
