There are two
ways of configuring a SLIP server. Both ways require that you set up
one login account per SLIP client. Assume you provide SLIP service to
Arthur Dent at dent.beta.com. You might create an
account named dent by adding
the following line to your
dent:*:501:60:Arthur Dent's SLIP account:/tmp:/usr/sbin/diplogin
Afterwards, you would set dent’s password using the passwd utility.
The dip command can be used in server mode by
invoking it as diplogin. Usually
diplogin is a link to dip. Its
main configuration file is
is where you specify what IP address a SLIP user will be assigned when
he or she dials in. Alternatively, you can also use the
sliplogin command, a BSD-derived tool featuring a
more flexible configuration scheme that lets you execute shell scripts
whenever a host connects and disconnects.
When our SLIP
user dent logs in,
dip starts up as a server. To find out if he is
indeed permitted to use SLIP, it looks up the username in
/etc/diphosts. This file details the
access rights and connection parameter for each SLIP user.
The general format for an
/etc/diphosts entry looks like:
Each of the fields is described in Table 7.2.
Table 7-2. /etc/diphosts Field Description
The username of the user invoking dip that this entry will apply to.
Field 2 of the
The address that will be assigned to the remote machine. This address may be specified either as a hostname that will be resolved or an IP address in dotted quad notation.
The IP address that will be used for this end of the SLIP link. This may also be specified as a resolvable hostname or in dotted quad format.
The netmask that will be used for routing purposes. Many people
are confused by this entry. The netmask doesn’t apply to the
SLIP link itself, but is used in combination with the
This field is free-form text that you may use to help document
This field is where you specify what protocol or line discipline
you want applied to this connection. Valid entries here are the same as
those valid for the
The maximum transmission unit that this link will carry. This field describes the largest datagram that will be transmitted across the link. Any datagram routed to the SLIP device that is larger than the MTU will be fragmented into datagrams no larger than this value. Usually, the MTU is configured identically at both ends of the link.
A sample entry for dent could look like this:
Our example gives our user dent access to SLIP with no additional
password required. He will be assigned the IP address associated with
dent.beta.com with a netmask
255.255.255.0. His default route should be
directed to the IP address of vbrew.com, and he will use the CSLIP
protocol with an MTU of 296 bytes.
When dent logs in,
diplogin extracts the information on him from the
diphosts file. If the second field contains a
value, diplogin will prompt for an “external
security password.” The string entered by the user is encrypted
and compared to the password from
they do not match, the login attempt is rejected. If the password
field contains the string
s/key, and dip
was compiled with S/Key support, S/Key authentication
will take place. S/Key authentication is described in the
documentation that comes in the dip source package.
After a successful login, diplogin proceeds by flipping the serial line to CSLIP or SLIP mode, and sets up the interface and route. This connection remains established until the user disconnects and the modem drops the line. diplogin then returns the line to normal line discipline and exits.
diplogin requires superuser privilege. If you don’t have dip running setuid root, you should make diplogin a separate copy of dip instead of a simple link. diplogin can then safely be made setuid without affecting the status of dip itself.