> Date: Sun, 15 Oct 1995 16:38:02 -0400 (EDT)
> From: William Bulley <web@merit.edu>
> To: "Chris B. Wilson VectorNet" <cbw@vector.net>
> Cc: portmaster-users@livingston.com
> Subject: Re: anti-multiple-login patches for radiusd
>
> According to Chris B. Wilson, VectorNet:
> >
> > Well, only problem is we're currently using the SCP (or whatever its
> > called) patch (user.ppp, user.slip, etc), and would we be able to run
> > that under the Merit version?
>
> Well, you know my position on that one. I have long held that the Merit
> solution (pppuser, slipuser, dumbuser) is sufficient and predates all
> those SCP thingys out there (sorry guys, but that's just me :-) a Merit
> person talking). But that said, I do have the diffs for the SCP stuff
> (thanks to someone whose name escapes me) and I am thinking about putting
> them in a future release (they're not there now). If these are truly two
> solutions to two _different_ problems, then I will stand corrected...
>
I'm looking into the Merit RADIUS system to replace my current Livingston
version, as it seems more extensible. However, I'm having trouble
understanding the above use of the above "canonical" user entries. I've
looked at the files and manpages with the distribution.
Using Livingston Portmasters, would it be the case that the 'pppuser'
and 'slipuser' would only come into play using PAP or CHAP (or another
protocol) where the User-Service and Framed-Protocol were already
established?
I don't have the "SCP" patch, but a similar patch (origin unknown)
in which the different services are selected with a prefix to the
username, and all start with a chat-type script as a Login service.
(The most common examples are Trumpet Winsock and MacPPP, with no
PAP or CHAP authentication; a PPP user would send "ppp:username" in
response to the Login: prompt.) 95% of the instances use the
UNIX password file now, but I'm also looking to set up a backup
server on a system where the users won't have access, and I don't run
NIS.
This setup has a separate file called "net_users" which determine
which users are allowed to used Framed services, as some are only
allowed Login service (e.g. mail-only accounts).
[snip]
>
> What is the real shame here, is that there are now two "standard" ways
> to do the SCP thing. Having to have both is both confusing and wasteful
> of people's time, etc. But then I have the same complaints about those
> little endian and big endian wars, too! Sigh... :-)
>
I haven't been around Unix/Networking/Internet/Remote Access for very
long, but it seems like chat scripts and software PPP/SLIP servers
started by the user from the command line came before PAP/CHAP...is that
not correct?
Anyway, thank you very much for the input you've provided the group
so far....I think you have a great "product" that I just don't fully
grok yet.
------------------------------------------------------------------------
David Carmean WB6YZM DC574 dave@west.net
System/Network Administrator, WestNet Communications, Inc.
PGP Key Fingerprint: CD 1C C1 15 3E E3 1D 41 ED C2 3E A8 D6 29 BD C4
------------------------------------------------------------------------