Projects / pppd-sql


pppd-sql is a plugin for the Point-to-Point server (pppd) on Linux and Solaris that adds an authentication backend using a MySQL or PostgreSQL database for the Challenge Handshake Authentication Protocol (CHAP) and Password Authentication Protocol (PAP). It supports MS-CHAPv1 and MS-CHAPv2 too. The IPCP negotiation after authentication handshake is also supported. pppd-sql supports a flexible configuration scheme, has concurrent connection handling for single users across multiple tunnel servers, and comes with easy and handy documentation.

Operating Systems

Recent releases

  •  07 Jul 2009 22:30

    Release Notes: This version adds support for fetching the server IP address from the database. This will be done with the two new configuration options, "mysql-column-server-ip" and "pgsql-column-server-ip". This version also adds support for evaluating the return value of the IP up and down scripts. This is done with the help of four new configuration options, "mysql-ip-up-fail", "mysql-ip-down-fail", "pgsql-ip-up-fail", and "pgsql-ip-down-fail". Some small documentation bugs were fixed. The annoying issue in which authentication failed if columns are prefixed with the table name was resolved.

    •  28 Jan 2009 08:58

      Release Notes: This version adds support for exclusive read and write locking on the selected row. This will improve the concurrent connection handler a lot. Support was added for IP configuration scripts with additional parameters (username, received bytes, transmitted bytes, and link duration). Blocking support was added. Four new configuration options were added: "mysql-ip-up", "mysql-ip-down", "pgsql-ip-up", and "pgsql-ip-down".

      •  18 Jan 2009 21:04

        Release Notes: This version includes support for concurrent connection handling of single users across multiple tunnel servers. Six new configuration options were added 'mysql-port', 'mysql-column-update', 'mysql-exclusive', 'pgsql-port', 'pgsql-column-update', and 'pgsql-exclusive'. The built-in failover functionality was removed (it is impossible with the concurrent connection handler, and should be made with separate database utilities).

        •  12 Jan 2009 05:51

          Release Notes: This version includes support for authentication fallback against the usual '/etc/ppp/pap-secrets' or '/etc/ppp/chap-secrets' files. Two new configuration options have been added: 'mysql-authoritative' and 'pgsql-authoritative'. SQL scripts with database schemas for import have been added. A bug has been fixed, allowing the plugin to verify CHAP authentication credentials with AES encryption.

          •  08 Dec 2008 02:53

            Release Notes: This version adds support for encrypted password storage inside the database. The current supported one-way hashes are MD5 and the UNIX crypt(). The current supported symmetric cipher is AES-128.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.