Bug 65637 - pap and chap options not properly set by ifup-ippp
Summary: pap and chap options not properly set by ifup-ippp
Status: CLOSED DEFERRED
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: initscripts   
(Show other bugs)
Version: 7.3
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact: Brock Organ
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-05-29 09:02 UTC by Olivier Kurzweg
Modified: 2014-03-17 02:27 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-09-29 19:58:17 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
more correct approach to authentication parameters (2.93 KB, patch)
2002-05-29 09:04 UTC, Olivier Kurzweg
no flags Details | Diff

Description Olivier Kurzweg 2002-05-29 09:02:36 UTC
The current ifup-ipppd (version 6.67-1) script seems to consider +pap (+chap) 
as the opposite of -pap (-chap), leading to the incorrect setting of 
authentication options for ipppd. In fact, those ipppd options are completely 
unrelated.
+pap (+chap) means that the local side of the PPP connection requires the 
remote side to authenticate using pap (chap).
-pap (-chap) means that the local side of the PPP connection refuses to 
authenticate itself with the remote side using pap (chap).
Another way to say it is: "+" options refer to the authentication of the remote 
side by the local side whereas "-" options refer to the authentication of the 
local side by the remote side. This is a bit misleading, which is why newer 
versions of pppd have replaced those options by require-pap and refuse-pap.

Following is a patch which correct that issue.
Changes:
- AUTH is replaced by AUTHLOCAL and AUTHREMOTE
- AUTHLOCAL indicates which authentication schemes can be used for the 
authentication of the local side by the remote side. Authentication schemes are 
entered without leading "+" or "-". Possible values: "pap", "chap", "pap 
chap", "chap pap", "none", "noauth", "all"
- AUTHREMOTE indicates which authentication schemes will be used for the 
authentication of the remote side by the local side. Authentication schemes are 
entered without leading "+" or "-". Possible values: "pap", "chap", "pap 
chap", "chap pap", "none", "noauth"
- USER is replaced by NAMELOCAL and NAMEREMOTE
- NAMELOCAL is the username (of the local side) which will be used to 
authenticate the local side with the remote side.
- NAMEREMOTE is the username (of the remote side) which will be used to 
authenticate the remote side with the local side.
- DIALIN is removed as the trick is not required anymore

Comment 1 Olivier Kurzweg 2002-05-29 09:04:10 UTC
Created attachment 58805 [details]
more correct approach to authentication parameters

Comment 2 Bill Nottingham 2005-09-29 19:58:17 UTC
Closing bugs on older, no longer supported, releases. Apologies for any lack of
response.

If this persists on a current release, such as Fedora Core 4, please open a new bug.


Note You need to log in before you can comment on or make changes to this bug.