Discussion:
ppp with smart card
(too old to reply)
Norbert Wegener
2006-02-22 20:42:04 UTC
Permalink
Normally ppp users authenticate via pap /chap.
I have the need to authenticate via smart card against a ppp server.
Is there any chance to do this with ppp on a linux client?
Thanks
Norbert
James Carlson
2006-02-22 22:13:45 UTC
Permalink
Post by Norbert Wegener
Normally ppp users authenticate via pap /chap.
I have the need to authenticate via smart card against a ppp server.
Is there any chance to do this with ppp on a linux client?
"Any chance?" Sure. If you can figure out the plug-in interface used
in pppd, and you have a library or other suitable interface that will
perform the smart card validation function, you can write a module
that will connect these two together. Look at "passprompt" as an
example of a really trivial plug-in.

CHAP is likely not possible. CHAP works by sending a random challenge
to the peer, which must compute a hash using that challenge and the
shared secret. In the case of a smart card, there's usually no way to
get at the shared secret, and thus no way to validate that the peer's
response is correct.
--
James Carlson, KISS Network <***@sun.com>
Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
Loading...