I started this whole thread, so I might as well chime in now. :-) On Mon, Jan 26, 1998 at 07:59:17PM +0100, Sergio Talens-Oliag wrote: > On Thu, Jan 15, 1998 at 09:58:40AM +0000, Philip Hands wrote: > > > I can verify that turning off shadow passwords fixes the PAP problem. > > > This is unacceptable. And it's already reported in bug 16044. Oh well. > > I've found the problem and it's really a silly thing: the binary > package for ppp_2.3.2-2.deb is compiled without HAS_SHADOW. I've > rebuilt it changing the file debian/rules adding 'HAS_SHADOW=1' to the > second make (no PAM support): > > build: > $(checkdir) > ./configure > make USE_PAM=1 > mv pppd/pppd pppd/pppd-pam > rm pppd/auth.o > > make HAS_SHADOW=1 > touch build > > And it worked using pap-secrets: > > * hostname "" *
FYI, I'm using lines like: jeff * "" * steve * "" * tom * "" * Since I don't want all my accounts to be PPP-able. > It doesn't work without the leading * (maybe it's a bug in the > pap-secrets parser, but it's not a real problem). I don't think that's a bug. I think the format is: <username> <hostname or asterisk> "<password>" <ip address?> > I don't know if a ppp-shadow package will be needed or if there's > another way to build a debian package usable for SHADOW and not SHADOW > systems (i've started with debian development only to see what > happended with the ppp daemon, i'm sure that Phil should have the > answer, but as he states, maybe PAM support is the way to do it). I think the is the fundamental problem. You can't have it both ways without two different packages. *BUT* the PAM version *should* work both ways. IMHO there should only be a PAM version. Make that one work, and forget the rest. Is there a reason NOT to use PAM? When I turned off Shadow to make PPP work, it broke checkpassword, a binary used by Qmail's POP3 daemon. I applied PAM patches to checkpassword, and it now functions correctly whether Shadow is enabled or not. > > It this the case with ppp-pam installed ? > > Yes, it fails for me, but i haven't used PAM before and i don't know > where is the problem. If time permits i'll try to find the bug in the > code. Since I have PAM working with checkpassword, I don't know why it isn't working with PPP. > > I'd be interested to hear how people get on with PAM, since I don't use PAP > > for dial-in, so have trouble testing it. > > > > BTW I'm hoping to get pppd to be able to detect the presence of libpam at > > run-time, and so get rid of the ppp-pam package in the future. > > Phil, I'm able to test the PAP/PAM combo for dial-in easily, so if you > want me to test any code just tell me. Has anyone made PAM work with PPP? Thanks Jeff -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
