Installing and Administering PPP

Chapter 5
Security Techniques
Replacing getty with pppd
Incoming calls most often invoke the getty program because it enables
login on a serial port. However, in some cases, pppd can be invoked in
place of getty. Invoking pppd offers additional security because people
find the beginning of LCP option negotiations much more difficult to
circumvent than a simple ‘login:’ prompt. When the modem answers an
incoming call and raises the Carrier Detect signal, the caller sees a burst
of what looks like line noise.
To replace getty with pppd, first use SAM to set up a getty on the
serial port. When setting up the serial port through SAM, be sure to
choose “Receive Incoming Calls (start getty process)”. This adds a getty
(or uugetty) line to the /etc/inittab file. As an example, suppose the
line added to /etc/inittab by SAM were:
a0:3:respawn:/usr/lbin/uucp/uugetty -r -t 60 -h ttyd0p1 19200
You can replace the uugetty with the pppd process and invoke it with
any arguments you like. For example:
a0:3:respawn:/usr/bin/pppd localhost: idle 120 requireauth ttyd0p1 19200
Specify the device (ttyd0p1) and speed (19200) on the pppd command
line, because pppd needs to know which device to open and at what
speed.
Note that Challenge Handshake Authentication Protocol (CHAP) is still
strongly recommended for security.
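
A check for the inittab edit described above, as an added example that is not from the original manual: it scans an inittab-format file and reports, per entry, whether the line still runs getty/uugetty or runs pppd with requireauth, a device and a speed. The function names, verdict labels and the a1 to a3 sample entries are constructed for illustration, and the script assumes the speed directly follows the device, as in the example line above.

```shell
#!/bin/sh
# Added example: audit an inittab-format file for dial-in line entries.
# Prints one "<id> <verdict>" line per getty/uugetty/pppd entry.
audit_inittab() {
    awk -F: '
    /^[ \t]*#/ || NF < 4 { next }        # skip comments and short lines
    {
        # The process field can contain ":" itself (e.g. "localhost:"),
        # so rejoin everything after the third field.
        cmd = $4
        for (i = 5; i <= NF; i++) cmd = cmd ":" $i
        n = split(cmd, arg, /[ \t]+/)
        prog = arg[1]; sub(/.*\//, "", prog)   # basename of the program

        if (prog == "getty" || prog == "uugetty") {
            print $1, "LOGIN-PROMPT"           # caller gets a login: prompt
        } else if (prog == "pppd") {
            auth = dev = speed = 0
            for (i = 2; i <= n; i++) {
                if (arg[i] == "requireauth") auth = 1
                else if (arg[i] ~ /^tty/) dev = 1
                # Assumption: speed is the number right after the device,
                # as in the example line ("ttyd0p1 19200").
                else if (arg[i] ~ /^[0-9]+$/ && arg[i-1] ~ /^tty/) speed = 1
            }
            if (!dev || !speed)  print $1, "NO-DEVICE-OR-SPEED"
            else if (!auth)      print $1, "NO-REQUIREAUTH"
            else                 print $1, "OK"
        }
    }' "$1"
}

# Constructed sample: a0 and a1 are the two lines from the text (the second
# renamed a1); a2 and a3 are made-up variants that show the failure cases.
write_sample() {
    cat > "$1" <<'EOF'
# constructed inittab fragment
a0:3:respawn:/usr/lbin/uucp/uugetty -r -t 60 -h ttyd0p1 19200
a1:3:respawn:/usr/bin/pppd localhost: idle 120 requireauth ttyd0p1 19200
a2:3:respawn:/usr/bin/pppd localhost: idle 120 ttyd0p2 19200
a3:3:respawn:/usr/bin/pppd localhost: idle 120 requireauth
EOF
}

sample=${TMPDIR:-/tmp}/inittab.sample.$$
write_sample "$sample"
audit_inittab "$sample"
rm -f "$sample"
```

Run it against a copy of /etc/inittab after editing; any entry not reported as OK either still presents a login prompt or starts pppd without the arguments the text calls for.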