v 0.1 gpk@onramp.net 3/27/99

I Intro

This document covers the use of the modified "chat" program and its
adjunct "chatchat" to log in using the Security Dynamics SecurID card
on a Linux system.

This set of files comprises a modified version of the chat program
(the one distributed with ppp-2.3.5) and a new program called chatchat
that allows you to supply data from the keyboard to the chat program.

The SecurID card generates passwords that have a lifetime of one minute
and are used as a first layer in dial-up security. The only software I
know of for this card is for Windows, so I wrote my own. This software
allows you to type in the time-sensitive password right when your chat
script is asked to supply the passcode by the remote system.

II How It Works

This version of chat has an additional command that can be put into its
options that says "Don't reply with this string. Open this pipe, read
the contents, and reply with that instead." Chatchat creates a pipe and
lets you type your passcode into it, then chat picks that up and sends
it out just as though the passcode was hardcoded into the options.

III Installation

I've provided Intel binaries and source code for the modified chat
program and the chatchat program.

First, I'll recommend that you copy the chat.c program into your
ppp-2.3.5/chat directory (save your original chat.c program first!) and
re-make it using the Makefile that comes with chat. Copy the new chat
somewhere into your path. (On my system chat lives in /usr/sbin/chat,
so I've copied the modified one into /usr/sbin/chat.new and changed my
dial-in script to call chat.new instead of chat.)

Second, compile chatchat.c and install it somewhere in your path:

    gcc -g -o chatchat chatchat.c
    cp chatchat /usr/sbin

Third, modify your chat script to use the chatchat program. Mine looks
something like this:

--------------------
#!/bin/sh
#
# This is part 2 of the ppp-on script. It will perform the connection
# protocol for the desired connection.
# use atm0 to turn down the speaker volume on my sportster x2 voice modem
# gpk 11/2/97
exec /usr/sbin/chat.new -V -v                   \
        ABORT "BUSY"                            \
        ABORT "NO DIAL TONE"                    \
        ABORT "NO ANSWER"                       \
        TIMEOUT 50                              \
        "" "atm0"                               \
        OK ATDT$TELEPHONE                       \
        CONNECT ''                              \
        name: \\da0xxxxxx                       \
        word: @/var/tmp/p                       \
        compress. ''
-----------------------

This is a standard chat script:

* abort if the modem is busy, you don't get a dial tone, no one
  answers, or 50 seconds elapse.
* use atm0 to mute the modem
* dial the modem, when it connects, wait to be asked for account name
* when we see the "name:" prompt, delay briefly then respond with your
  account name (fill in your account name)

Now we get to the new stuff:

* when we see "word:" in the password prompt, instead of responding
  with "@/var/tmp/p", the modified chat program will open the pipe
  /var/tmp/p, read the passcode out of there, and send it
* when we see "compress." (the last word before ppp starts), reply
  with nothing. The script ends and we start ppp.

Note:

* Make sure there is some whitespace between the filename and the \.

IV Usage

To use this, install the modified chat and chatchat programs, and
modify your chat script similarly to the above. Before you dial in,
start the chatchat program, giving it the same pipe as in your config
file. In the above case:

    chatchat /var/tmp/p

Wait until you have one or two tick marks left on your card's current
number, then start your dial-up process that eventually calls chat.
When chat goes to open and read the pipe, chatchat will prompt:

    type PIN into SecurID card and enter resulting passcode:

At that point, type your PIN number into your SecurID card, press the
diamond, and type the resulting numbers in as your passcode.

If you've left the -V -v options on your chat command you'll see
everything go out, otherwise it works silently.

If you type the number wrong or run out of time, the server will
respond with an authentication failure. In that case you will have to
hang up and start again. I don't know how to build a conditional script
that says either expect "compress" next, but if you see "name:" again,
do this instead.

V Additional Information

You can obtain additional information about chat and ppp from the man
pages for chat and pppd, as well as the PPP-HOWTO.
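
The pipe hand-off described in sections II and IV, as an added shell
example that is not the chat or chatchat source: the writer creates the
pipe with mode 0600 and the reader checks that the path is a real FIFO
owned by the current user before reading one line from it. The function
names, the temporary directory and the sample passcode are assumptions
made for the illustration.

```shell
#!/bin/sh
# Added example, not the original chat/chatchat source.
# Function names and the sample passcode are constructed for illustration.

# Writer side setup: create a FIFO only the owner can open (mode 0600).
make_private_fifo() {
    mkfifo -m 600 "$1"
}

# Reader side check: succeed only if $1 is a real FIFO (not a symlink),
# owned by the current user, with no group or other permission bits.
fifo_is_safe() {
    [ -p "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    case $(ls -ld "$1") in
        prw-------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Run both roles in one process tree and print what the reader received.
handoff_demo() {
    dir=$(mktemp -d) || return 1
    fifo=$dir/p
    make_private_fifo "$fifo" || return 1
    got=
    # Writer (chatchat's role): blocks until a reader opens the pipe.
    printf '%s\n' "$1" > "$fifo" &
    writer=$!
    # Reader (chat's role): verify the pipe first, then read one line.
    if fifo_is_safe "$fifo"; then
        IFS= read -r got < "$fifo"
    else
        kill "$writer" 2>/dev/null
    fi
    wait "$writer" 2>/dev/null || :
    rm -rf "$dir"
    printf '%s\n' "$got"
}

handoff_demo 123456   # constructed sample passcode
```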