[Techtalk] Using kppp etc. as a user

Linda Y. Kuo illini.engineer at att.net
Tue Feb 21 12:55:36 EST 2006

On 21 Feb 2006 at 0:04, David Sumbler wrote:

> "Linda Y. Kuo" <illini.engineer at att.net> writes:
> >> After a struggle, I have managed to get my winmodem working under both
> >> Fedora 4 and Ubuntu 5.10. I don't actually need the modem since I
> >> have a broadband connection, but I wanted to learn how to go about
> >> setting up a winmodem so that I can eventually install a useful Ubuntu
> >> system on a computer for a friend who does not have broadband.
> >> 
> >> However, I haven't yet managed to work out how to get either kppp (in
> >> Fedora) or the Gnome dialer (in Ubuntu) to function without su-ing or
> >> sudo-ing. In Fedora I tried setting the setuid bit on /usr/bin/kppp
> >> (which is a link to /usr/bin/consolehelper), but this only caused kppp
> >> to fail when I tried to launch it, instead of asking for the root
> >> password. When, as an alternative, I set setuid on /usr/sbin/kppp, I
> >> still had to give the root password.
> >> 
> >> What I should like to do, eventually, is to be able to get the dialler
> >> to connect automatically whenever a connection is needed, e.g. when
> >> launching Firefox, and certainly without having to give a password.
> >> Can someone give me some idea how to achieve this, please?
> >> 
> >> David
> >> 
> >> -- 
> >> 
> >> david at aeolia.co.uk
> >
> > I have RH8 installed on my Thinkpad.
> >
> > This is what I did -->
> > =====
> > The solution was a change to the file /etc/pam.d/kppp
> >
> > I first changed
> >  auth required /lib/security/pam_stack.so service=system-
> > auth
> > to
> >  auth sufficient /lib/security/pam_stack.so service=system-
> > auth
> >
> > that did not work, but I left the change in anyway
> >
> > I then added
> >  auth sufficient /lib/security/pam_console.so
> > to the file
> >
> > =====
> >
> > Maybe this will work for you.
> I've just made the change to the pam_console.so entry, without the
> pam_stack.so change, and it has done the trick.  I don't understand
> pam, so I don't pretend to know why this works, but thanks a lot, all
> the same!
> David
> -- 

I asked the same question about in August 2005, and someone on this list
gave me part of the answer or all of the answer, I don't remember
which anymore.

Glad to be of help.

At that time, I asked why it worked and received the following reply
There is also documentation usually in /usr/share/doc/pam-x.y.version.
Under there are usually a couple directories, one in html format, another
in text, that are README's explaining the use of the different pam

pam_console is used to CHANGE the permissions of the user over to root if
they execute that program on the console. Then when the program is done,
they are switched back to their normal user permissions. Kind of like an
su (switch user). There's another piece to the pam puzzle: many of these
shared libraries (.so files) look in config files to see how they should
behave. The config files are often in /etc/security.

The file you changed says "When you run kppp, use the following Pluggable
Authentication Modules..." Then each of those modules does something or
checks something.

- Barb Fox


More information about the Techtalk mailing list