Bug 65637 - pap and chap options not properly set by ifup-ippp
pap and chap options not properly set by ifup-ippp
Status: CLOSED DEFERRED
Product: Red Hat Linux
Classification: Retired
Component: initscripts (Show other bugs)
7.3
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
Brock Organ
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-05-29 05:02 EDT by Olivier Kurzweg
Modified: 2014-03-16 22:27 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-09-29 15:58:17 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
more correct approach to authentication parameters (2.93 KB, patch)
2002-05-29 05:04 EDT, Olivier Kurzweg
no flags Details | Diff

  None (edit)
Description Olivier Kurzweg 2002-05-29 05:02:36 EDT
The current ifup-ipppd (version 6.67-1) script seems to consider +pap (+chap) 
as the opposite of -pap (-chap), leading to the incorrect setting of 
authentication options for ipppd. In fact, those ipppd options are completely 
unrelated.
+pap (+chap) means that the local side of the PPP connection requires the 
remote side to authenticate using pap (chap).
-pap (-chap) means that the local side of the PPP connection refuses to 
authenticate itself with the remote side using pap (chap).
Another way to say it is: "+" options refer to the authentication of the remote 
side by the local side whereas "-" options refer to the authentication of the 
local side by the remote side. This is a bit misleading, which is why newer 
versions of pppd have replaced those options by require-pap and refuse-pap.

Following is a patch which correct that issue.
Changes:
- AUTH is replaced by AUTHLOCAL and AUTHREMOTE
- AUTHLOCAL indicates which authentication schemes can be used for the 
authentication of the local side by the remote side. Authentication schemes are 
entered without leading "+" or "-". Possible values: "pap", "chap", "pap 
chap", "chap pap", "none", "noauth", "all"
- AUTHREMOTE indicates which authentication schemes will be used for the 
authentication of the remote side by the local side. Authentication schemes are 
entered without leading "+" or "-". Possible values: "pap", "chap", "pap 
chap", "chap pap", "none", "noauth"
- USER is replaced by NAMELOCAL and NAMEREMOTE
- NAMELOCAL is the username (of the local side) which will be used to 
authenticate the local side with the remote side.
- NAMEREMOTE is the username (of the remote side) which will be used to 
authenticate the remote side with the local side.
- DIALIN is removed as the trick is not required anymore
Comment 1 Olivier Kurzweg 2002-05-29 05:04:10 EDT
Created attachment 58805 [details]
more correct approach to authentication parameters
Comment 2 Bill Nottingham 2005-09-29 15:58:17 EDT
Closing bugs on older, no longer supported, releases. Apologies for any lack of
response.

If this persists on a current release, such as Fedora Core 4, please open a new bug.

Note You need to log in before you can comment on or make changes to this bug.