PPP Security:
PPP has two authentication protocols: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). PAP is a simple password security system. CHAP is a more advanced system that uses encrypted strings and secret keys for authentication. Authentication helps to prevent intruders from accessing your server through its serial ports.
PAP Security:
Password Authentication Protocol is vulnerable to all of the attacks of any reusable password system. PAP is better than no security, but not by much. PAP sends the PPP client name and the password as clear text at the beginning of the connection setup. After this initial authentication, the client is not reauthenticated. Although spying on a serial line is much more difficult than spying on an Ethernet, PAP clear-text passwords can still be stolen by someone spying on your network traffic. Additionally, an established session can be hijacked by a system spoofing addresses.
Because of these weaknesses, use PAP only when you must—for example, if you have to support a client that can only provide PAP authentication. Unfortunately, PAP is still very widely used, and may be your only choice.
To configure PAP, make appropriate password entries in the /etc/ppp/pap-secrets file. A pap-secrets file might contain the following:

# Secrets for authentication using PAP
# client    server    secret                IP addresses
crow        wren      Wherearethestrong?    172.16.5.5
wren        crow      Whoarethetrusted?     172.16.5.1
Given the configuration shown in the previous listing, crow sends the PPP client name crow and the password Wherearethestrong? when asked for authentication by wren. wren sends the client name wren and the password Whoarethetrusted? when asked for authentication by crow. Both systems have the same entries in their pap-secrets files. These two entries provide authentication for both ends of the PPP connection.
The IP address field at the end of each entry defines the address from which the client name and the password are valid. Thus, only the host at address 172.16.5.5 can use the client name crow and the password Wherearethestrong?. Even though this is a valid client name and password combination, if it comes from any other address, it will be rejected.
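The following is an added example, not code from the book or from pppd itself: a small Python model of how both ends use the two pap-secrets entries above, first to look up the secret a host sends when its peer challenges it, then to verify a peer's name and password while enforcing the address field. The sample file is constructed from the listing; the comma-separated address list and the rule that an empty address field accepts any address are simplifying assumptions of this example, not pppd's documented syntax.

```python
import hmac
import ipaddress

# Constructed sample pap-secrets, mirroring the two entries discussed above.
PAP_SECRETS = """\
# Secrets for authentication using PAP
# client server secret IP addresses
crow wren Wherearethestrong? 172.16.5.5
wren crow Whoarethetrusted? 172.16.5.1
"""


def parse_pap_secrets(text):
    """Parse pap-secrets into (client, server, secret, addresses) tuples.

    Blank lines and '#' comment lines are skipped. The address field is
    optional; when present it is treated as a comma-separated list
    (an assumption of this example).
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed pap-secrets line: {raw!r}")
        client, server, secret = fields[:3]
        addrs = fields[3].split(",") if len(fields) > 3 else []
        entries.append((client, server, secret, addrs))
    return entries


def secret_to_send(entries, me, peer):
    """Client role: the password `me` sends when `peer` asks it to authenticate."""
    for client, server, secret, _ in entries:
        if client == me and server == peer:
            return secret
    return None


def verify_peer(entries, me, peer_name, peer_secret, peer_addr):
    """Server role: accept the peer's name/password only from a listed address."""
    allowed = ipaddress.ip_address(peer_addr)
    for client, server, secret, addrs in entries:
        if server != me or client != peer_name:
            continue
        # Constant-time comparison so a mismatch leaks nothing about the secret.
        if not hmac.compare_digest(secret.encode(), peer_secret.encode()):
            return False
        # An empty address list (assumption) means any address; otherwise the
        # peer must come from one of the listed addresses.
        return not addrs or allowed in [ipaddress.ip_address(a) for a in addrs]
    return False
```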
The auth option on the pppd command line forces the PPP daemon to require authentication. If it must, it will fall back to PAP, but first it will try to use CHAP...