We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

Setting up PPP dial-in server WITH script

alexbik
alexbik asked
on
Medium Priority
383 Views
Last Modified: 2012-05-04
I want to provide PPP to dialin users, using a login script. I'm running mgetty+sendfax 1.1.9 with AutoPPP enabled, and this works. To let Win311 users dial in as well, I want to let them login as Pusernam, followed by the password. I do not want to let them login and issue a command afterwards, because most of the users already have a loginscript that works in the manner mentioned above. Mgetty has the option to detect a capital in front of the username, for instance to provide UUCP services. Problem is that pppd isn't able to ask a user for his password like UUCICO can. So what I need is probably some modified login binary, which strips the 'P', asks for the password, and starts PPP instead of the regular shell mentioned in /etc/password. Ofcourse, this shell _should_ be started if the username doesn't start with a 'P'..
Comment
Watch Question

hno

Commented:
Set up special PPP login accounts with pppd as login shell. The users can then do a normal login, but instead of getting a shell promt PPP is automatically started.



Author

Commented:
Hi hno,

I cannot give the users ppp as a shell, because of two reasons:
1) The users who cannot use PAP already have loginscripts that work in the above described manner,

2) Users who dial in already have a shell that I do not want to replace, because it gives them the option to change their passwords.

I _do_ have a solution at this moment (that's why I do not want to change the way things work, because it would mean that all users will have to change their loginscripts) but it uses a login binary which is patched by someone to implement this feature. Since I do not trust this person to be one of the greatest programmers (understatement of the year), I am not convinced this provides a high level of security..

Alex.

Author

Commented:
Hi hno,

I cannot give the users ppp as a shell, because of two reasons:
1) The users who cannot use PAP already have loginscripts that work in the above described manner,

2) Users who dial in already have a shell that I do not want to replace, because it gives them the option to change their passwords.

I _do_ have a solution at this moment (that's why I do not want to change the way things work, because it would mean that all users will have to change their loginscripts) but it uses a login binary which is patched by someone to implement this feature. Since I do not trust this person to be one of the greatest programmers (understatement of the year), I am not convinced this provides a high level of security..

Alex.
Commented:
What I ment is that you create new accounts for the users, in parallell with the existing shell accounts, but with a P in front of the user name. This special account uses pppd as shell but has the same UID,GID,HOME as the regular shell login.

But if you only want to use one account (easier to maintain and only one password for shell and PPP login), then you have to use a different login program. If you do not want to write a new one from scratch you can use a small wrapper around /bin/login

-------------------------------
#!/bin/sh
IFS=
PPP=1 exec /bin/login -p ${1#P}
-------------------------------
and then check for PPP in /etc/profile or similar place, and if set do "exec pppd".

if [ -n "$PPP" ]; then
  exec pppd
fi

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Sorry I didn't repy earlier.
Thanks.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.