From: Paul Mackerras Date: Tue, 16 Mar 1999 22:50:29 +0000 (+0000) Subject: add question about auth in 2.3.6 X-Git-Tag: ppp-2.4.7~791 X-Git-Url: https://git.ozlabs.org/?p=ppp.git;a=commitdiff_plain;h=9c9e0653fd77e0524be85f3a653909c5f07aff3f add question about auth in 2.3.6 --- diff --git a/FAQ b/FAQ index 12a68f7..780ca63 100644 --- a/FAQ +++ b/FAQ @@ -585,3 +585,25 @@ your /etc/hosts file to make sure you have the local machine and any hosts on your local LAN listed, and /etc/resolv.conf and/or /etc/nsswitch.conf files to make sure you resolve hostnames from /etc/hosts if possible before trying to contact a nameserver. + + +------------------------------------------------------------------------ + +Q: Since I installed ppp-2.3.6, dialin users to my server have been +getting this message when they run pppd: + +peer authentication required but no suitable secret(s) found for +authenticating any peer to us (ispserver) + +A: In 2.3.6, the default is to let an unauthenticated peer only use IP +addresses to which the machine doesn't already have a route. So on a +machine with a default route, everyone has to authenticate. If you +really don't want that, you can put `noauth' in the /etc/ppp/options +file. Note that there is then no check on who is using which IP +address. IMHO, this is undesirably insecure, but I guess it may be +tolerable as long as you don't use any .rhosts files or anything like +that. I recommend that you require dialin users to authenticate, even +if just with PAP using their login password (using the `login' option +to pppd). If you do use `noauth', you should at least have a pppusers +group and set the permissions on pppd to allow only user and group to +execute it.