--- /dev/null
+v 0.1 gpk@onramp.net 3/27/99
+
+I Intro
+
+ This document covers the use of the modified "chat" program and its
+adjunct "chatchat" to login using the Security Dynamics SecurID card
+on a linux system.
+
+ This set of files comprises a modified version of the chat program
+(the one distributed with ppp-2.3.5) and a new program called chatchat
+that allows you to supply data from the keyboard to the chat program.
+
+ The SecurID card generates passwords that have a lifetime of one
+minute and are used as a first layer in dial up security. The only
+software I know of for this card is for windows, so I wrote my own.
+This software allows you to type in the time-sensitive password right
+when your chat script is asked to supply the passcode by the remote
+system.
+
+
+II How It Works
+
+ This version of chat his an additional command that can be put into
+its options that says "Don't reply with this string. Open this pipe,
+read the contents, and reply with that instead." Chatchat creates a
+pipe and lets you type your passcode into it, then chat picks that up
+and sends it out just as though the passcode was hardcoded into the
+options.
+
+
+III Installation
+
+ I've provided intel binaries and source code the the modified chat
+program and the chatchat program. I'll recommend that you copy the
+chat.c program into your ppp-2.3.5/chat directory (save your original
+chat.c program first!) and re-make it using the Makefile that comes
+with chat. Copy the new chat somewhere into your path. (On my system
+chat lives in /usr/sbin/chat, so I've copied the modified one into
+/usr/sbin/chat.new and changed my dial in script to call chat.new
+instead of chat.
+
+ Second, compile chatchat.c and install it somewhere in your path:
+
+ gcc -g -o chatchat chatchat.c
+ cp chatchat /usr/sbin
+
+ Third, modify your chat script to use the chatchat program. Mine
+looks something like this:
+
+
+ --------------------
+
+#!/bin/sh
+#
+# This is part 2 of the ppp-on script. It will perform the connection
+# protocol for the desired connection.
+# use atm0 to turn down the speaker volume on my sportster x2 voice modem
+# gpk 11/2/97
+
+exec /usr/sbin/chat.new -V -v \
+ ABORT "BUSY" \
+ ABORT "NO DIAL TONE" \
+ ABORT "NO ANSWER" \
+ TIMEOUT 50 \
+ "" "atm0" \
+ OK ATDT$TELEPHONE \
+ CONNECT '' \
+ name: \\da0xxxxxx \
+ word: @/var/tmp/p \
+ compress. ''
+
+
+ -----------------------
+
+ This is a standard chat script:
+
+* abort if the modem is busy, you don't get a dial tone, no one
+ answers, or 50 seconds elapses.
+
+* use atm0 to mute the modem
+
+* dial the modem, when it connects, wait to be asked for account name
+
+* when we see "name:" prompt, delay briefly then respond with your
+ account name (fill in your account name)
+
+Now we get to the new stuff:
+
+* when we see "word:" in the password prompt, instead of responding
+ with "@/var/tmp/p", the modified chat program will open the pipe
+ /var/tmp/p, read the passcode out of there, and send it
+
+* when we see "compress." (the last word before ppp starts), reply
+ with nothing. The script ends and we start ppp.
+
+Note:
+
+* Make sure there is some whitespace between the filename and the \.
+
+
+IV Usage
+
+ To use this install the modified chat and chatchat programs, and
+modify your chat script similar to the above. Before you dial in,
+start that chatchat program giving it the same pipe as in your config
+file. In the above case:
+
+chatchat /var/tmp/p
+
+ Wait until you have one or two tick marks left on your card's
+current number, then start your dial up process that eventually calls
+chat. When chat goes to open and read the pipe, chatchat will prompt:
+
+
+type PIN into SecurID card and
+ enter resulting passcode:
+
+ At that point, type your PIN number into your Securid card, press
+the diamond, and type the resulting numbers in as your passcode. If
+you've left the -V -v options on your chat command you'll see
+everything so out, otherwise it works silently.
+
+ If you type the number wrong or run out of time, the server will
+respond with an authentication failure. In that case you will have to
+hang up and start again. I don't know how to build a conditional script
+that says either expect "compress" next, but if you see "name:" again,
+do this instead.
+
+
+V Additional Information
+
+ You can obtain additional information about chat and ppp from the
+man pages for chat and pppd, as well as the PPP-HOWTO.
+
projects / ppp.git / blobdiff