
pppd: do not rely on have_route_to(0) during auth.#581

Open
jkroonza wants to merge 1 commit into ppp-project:master from jkroonza:always-assume-have-default

Conversation

Contributor

@jkroonza jkroonza commented Apr 2, 2026

#543 for reference.

Closes: #543

ppp-project#543 for reference.

Closes: ppp-project#543
Signed-off-by: Jaco Kroon <jaco@uls.co.za>
Contributor Author

jkroonza commented Apr 2, 2026

Impact assessment is surprisingly hard. The case that changes is where have_route_to(0) previously returned false for non-privileged users and neither auth nor noauth was set.

In other words, if we did have a default route, we'd suddenly require the remote side to auth, but if we did not we'd default to noauth (without allow_any_ip, meaning we could have multiple pppd's but only certain IPs would be available to the remote side). This feels counter-intuitive to me.

The motivation was that non-privileged users could establish an internet connection without needing the privileged noauth option, I believe. This use case should be extremely rare nowadays, so just assume that a default route is already available, and force auth for all non-privileged invocations, meaning a system administrator would need to create a noauth peer for non-privileged users - typically managed via network manager nowadays anyway.

@Neustradamus
Member

@paulusmack: What do you think about this @jkroonza PR?


Development

Successfully merging this pull request may close these issues.

have_route_to auth protection is insufficient
