Setting up your SLIP client was the hard part. Configuring your host
to act as a SLIP server is much easier.
There are two
ways of configuring a SLIP server. Both ways require that you set up
one login account per SLIP client. Assume you provide SLIP service to
Arthur Dent at dent.beta.com. You might create an
account named dent by adding
the following line to your passwd file:
dent:*:501:60:Arthur Dent's SLIP account:/tmp:/usr/sbin/diplogin |
Afterwards, you would set dent's
password using the passwd utility.
The dip command can be used in server mode by
invoking it as diplogin. Usually
diplogin is a link to dip. Its
main configuration file is /etc/diphosts, which
is where you specify what IP address a SLIP user will be assigned when
he or she dials in. Alternatively, you can also use the
sliplogin command, a BSD-derived tool featuring a
more flexible configuration scheme that lets you execute shell scripts
whenever a host connects and disconnects.
When our SLIP
user dent logs in,
dip starts up as a server. To find out if he is
indeed permitted to use SLIP, it looks up the username in
/etc/diphosts. This file details the
access rights and connection parameter for each SLIP user.
The general format for an /etc/diphosts entry looks like:
# /etc/diphosts
user:password:rem-addr:loc-addr:netmask:comments:protocol,MTU
# |
Each of the fields is described in
Table 7-2.
Table 7-2. /etc/diphosts Field Description
Field | Description |
---|
user | The username of the user invoking dip that this
entry will apply to. |
password | Field 2 of the /etc/diphosts file is used to
add an extra layer of password-based security on the connection. You can place a password in encrypted form here (just as in
/etc/passwd ) and diplogin
will prompt for the user to enter the password before allowing SLIP
access. Note that this password is used in addition to the normal
login-based password the user will enter. |
rem-addr | The address that will be assigned to the remote machine. This address may
be specified either as a hostname that will be resolved or an IP address
in dotted quad notation.
|
loc-addr | The IP address that will be used for this end of the SLIP link.
This may also be specified as a resolvable hostname or in dotted quad
format.
|
netmask | The netmask that will be used for routing purposes. Many people
are confused by this entry. The netmask doesn't apply to the
SLIP link itself, but is used in combination with the
rem-addr field to produce a route to the remote site.
The netmask should be that used by the network supported by that of the
remote host.
|
comments | This field is free-form text that you may use to help document
the /etc/diphosts file. It serves no other purpose.
|
protocol | This field is where you specify what protocol or line discipline
you want applied to this connection. Valid entries here are the same as
those valid for the –p argument to the
slattach command.
|
MTU | The maximum transmission unit that this link will carry. This field
describes the largest datagram that will be transmitted across the link.
Any datagram routed to the SLIP device that is larger than the MTU will
be fragmented into datagrams no larger than this value. Usually, the MTU is configured identically at both ends of the link.
|
A sample entry for
dent could look like this:
dent::dent.beta.com:vbrew.com:255.255.255.0:Arthur Dent:CSLIP,296 |
Our example gives our user dent access to SLIP with no additional
password required. He will be assigned the IP address associated with
dent.beta.com with a netmask
of 255.255.255.0. His default route should be
directed to the IP address of vbrew.com, and he will use the CSLIP
protocol with an MTU of 296 bytes.
When dent logs in,
diplogin extracts the information on him from the
diphosts file. If the second field contains a
value, diplogin will prompt for an “external
security password.” The string entered by the user is encrypted
and compared to the password from diphosts. If
they do not match, the login attempt is rejected. If the password
field contains the string s/key, and dip
was compiled with S/Key support, S/Key authentication
will take place. S/Key authentication is described in the
documentation that comes in the dip source package.
After a successful login, diplogin proceeds by
flipping the serial line to CSLIP or SLIP mode, and sets up the
interface and route. This connection remains established until the
user disconnects and the modem drops the
line. diplogin then returns the line to normal
line discipline and exits.
diplogin requires superuser privilege. If you don't have
dip running setuid
root, you should make
diplogin a separate copy of dip
instead of a simple link. diplogin can then safely
be made setuid without affecting the status of
dip itself.