John's Linux PPP patch

NEW: Plugin for pppd 2.3.10.

The original patch is at the bottom of this page.  I recommend though you use this new plugin.

This is a simple plugin for pppd 2.3.10 which will read a password from stdin and use that for pap authentication.  This is designed for users who want to dial an isp or other computer and don't want their password sitting in plain text in the pap file.

Getting the plugin

If you want to compile the plugin your self, you will need the latest ppp from  ftp://cs.anu.edu.au/pub/software/ppp/ and the plugin code from here.  Put this file in the pppd/plugins directory, update your makefile witht the following lines

text.so: text.c
    $(CC) -o $@ $(LDFLAGS) $(CFLAGS) text.c

and type make text.so.

You can also download a binary for Linux i386 here if compiling sounds like hard work.

Using the plugin

Using the plugin is simple.  Along with regular pppd options, add the following
plugin /path/to/plugins/text.so authpass user <user name>

You probably want to write a script to do this, so it can read your password with echo off. Have a look at the scripts at the bottom of this page.

And as always, report success and failure to jn@it.swin.edu.au.

The original patch info...

Here is a small patch for ppp which will allow you to specify a user password on the command line, thuss allowing a script to prompt the user for a password, and not require writing it to a file.

It was originaly written for ppp 2.3.3, but it works fine on 2.3.5.

Step1. Download the patch (the old patch is still available)

Step 2. Apply the patch. You will need the ppp source code of course. You can get it from ftp://cs.anu.edu.au/pub/software/ppp/ Use the latest version (2.3.5).

Step 3. Ask me how to apply the patch

Step 4. try these instructions

# tar -zxvf ppp-2.3.5.tar.gz
# patch < ppp-2.3.5.jn.patch

Step 5. run ./configure and make

Step 6. Install these scripts

  • /etc/ppp/options ; yes, this is an empty file, backup any existing file you may have
  • /etc/ppp/options.sample ; edit the file. All you should need it the phone number
  • /etc/ppp/dial ; this script does the dialing, edit it if you want
  • /usr/local/bin/ppp ; this is the script you run to start ppp. It will prompt you for a connection, user name and password and away you go :)

Step 7. surf away...

The patch adds two new command line options

-user <username>

-authpass

The password is then read from stdin. I used to specify it on the command line, but when you do a ps, there is your password for everybody to see.

You should be able to connect to an NT RAS server which will only accept encrypted passwords.

There may be security risks associated with this setup, but I am happier with it than leaving my plain text password lying about.

If you have any problems, e-mail me jn@it.swin.edu.au

Last modified 26/02/01
Maintained by John Newbigin

Back to Linux info