Subject: Re: PPP authentication
To: Jukka Marin , Current Users <>
From: John Nemeth <>
List: current-users
Date: 10/02/1998 20:00:24
On Sep 29,  1:44pm, Jukka Marin wrote:
} Let's say there are some 30 NetBSD boxes with 4 to 8 dial-in lines on
} each.  What's the easiest way of configuring PPP on all lines and boxes
} to authenticate the users using a shared user database?  Also, is there

     There are two ways to do this.  The first would be to use NIS to
share your passwd file between all machines, and then simply use the
"login" option of pppd to get it to read the passwd file.  The second
would be to modify pppd to do something else.

     I did a combination of both.  I used the "login" option to have
pppd authenticate a user, and I modified pppd to call my custom
accounting system after that to determine if the user was allowed to
use PPP and how much time they had.

} any way of limiting user on-line time to some number of minutes per day?

     I believe there is an option to do a per session limit, but there
is nothing to limit the number of sessions (consecutively or
sequentially).  For this, you would have to interface pppd with some
kind of custom accounting package.

} I wrote a daemon which monitors given terminal lines and kicks off the
} users who have used up all their time, but this system only works if the
} TTY line is owned by the dial-in user.  However, if I start pppd on all
} lines and let it do the authentication (this is required, so no special
} scripts are needed on the dial-in users' machines), my daemon no longer
} knows who's using the TTY lines.  Is it possible to get the user ID out
} of pppd after authentication somehow?

     You would be better off using either modemd or mgetty.  This way
the line could be used for either shell logins or PPP logins.  The way
these work is to look for PPP packets in response to the login: prompt
and automatically spawn off pppd.  modemd is in the package system,
but it needs a patch (* John makes a mental note to file a PR), and
mgetty needs to be ported (this is on my list of things to do).

}-- End of excerpt from Jukka Marin