I have a QNX v4.25G + QNX_Security_patch + TCP/IP v4.25D
- TCP/IP_SecurityPatch + TCP/IP_SecurityPatchA on a box.
The RAS service works fine: pppd v2.3.0 is configured to "auth"enticate
callers, /etc/ppp/pap-secrets is chmod 0600 with UNIX-crypted secrets in
the appropriate field.
(i.e.:
client’s_pap-login my_box’s_hostname crypted_secret
)
/etc/ppp/options:
auth 192.168.1.128: proxyarp
/etc/ppp/options.ser1:
debug :192.168.1.129
Then I change to TCP/IP v5.0A (Feb2001) NOT TOUCHING anything in the
/etc/ppp
From that moment I can connect to the box ONLY IF I omit “auth” option
from the configuration file. If either “auth” or “+pap” or “+chap” is
there pppd v2.3.5 drops the line and prints to syslog that it needed a
secret but no secrets were available.
If I omit authentication option AND chmod /etc/ppp/pap-secrets to 0666 -
then pppd v2.3.5 connects the caller to the box normally and prints to
syslog a warning that secrets file IS world-writable.
This (I think) proves that pppd v2.3.5 does see a /etc/ppp/pap-secrets
file. Why on Earth it does not authenticate callers if requested to do so?!
Definatelly it is a bug.
Things do not get any better if I try to put plaintext secrets or “” (any
value is OK) in /etc/ppp/pap-secrets.
Changing my_box’s_hostname to * does not help too. Doing these changes
simultaneously still doesn’t help. Using qcrypted secret does not help…
Please comment.
Tony.
PS. Is TCP/IP v5.0 Feb2001 the latest beta?