Subject: Re: PPP authentication
To: None <>
From: Geoff Wing <>
List: current-users
Date: 09/29/1998 12:38:22
Jukka Marin <> typed:
:Let's say there are some 30 NetBSD boxes with 4 to 8 dial-in lines on
:each.  What's the easiest way of configuring PPP on all lines and boxes
:to authenticate the users using a shared user database?  Also, is there
:any way of limiting user on-line time to some number of minutes per day?
:I wrote a daemon which monitors given terminal lines and kicks off the
:users who have used up all their time, but this system only works if the
:TTY line is owned by the dial-in user.  However, if I start pppd on all
:lines and let it do the authentication (this is required, so no special
:scripts are needed on the dial-in users' machines), my daemon no longer
:knows who's using the TTY lines.  Is it possible to get the user ID out
:of pppd after authentication somehow?
:I'd like to set this system up and replace lots of m$ stuff, but first
:I need to find a way for implementing the shared user database and time

You could use YP for authentication with ``login'' option to pppd and
the appropriate /etc/ppp/pap-secrets lines.  eg. for user ``username'':
	username    *   ""   *
Using YP will also give you a central way for users to change their
passwords, or for you to.  The TTY will be owned by the user who logs
in, but if you need extra stuff to give to your daemon then use 
/etc/ppp/auth-up  and  /etc/ppp/auth-down  (RTFM of pppd for arguments
to each).  Just make sure you use /var/yp/securenet (or the other method)
to prevent anyone outside your network from accessing your YP databases.
Geoff Wing   <>            Mobile : 0412 162 441
Work URL:   Ego URL: