have_route_to auth protection is insufficient

[jkroonza]

in pppd/auth.c have_route_to(0) is used to check if we've got a default route prior to starting pppd, and if so, require auth.

In a future world where there is no IPv4 this is not sufficient, meaning we either need to check for (have_route_to(0) || have_route6_to(0)), or we need to not rely on this check at all.

I need to think about this in order to make a recommendation.

Further, to make matters worse, it may in theory be possible that our system depends on dynamic routing using eg OSPF/BGP to obtain a default route, but some other system may already initiated pppd, as such, I honestly think the check is shortsighted in some way or another.

No recommendation as of right now.

[Neustradamus]

@paulusmack, @sthibaul, @enaess, @RICCIARDI-Adrien: @jkroonza has done this ticket.

[paulusmack]

The original intent of the check was to allow a user on an otherwise isolated desktop/laptop system to connect using pppd, but for anything more complex than that, require the system administrator to set something up explicitly if they want users to be able to start ppp connections.

Fair point about a no-IPV4 world, though that does in fact seem no closer now than 20 years ago...

With things like network-manager able to configure pppd, and given that dial-up internet over a modem is hardly used if at all these days, it's probably not so necessary for an ordinary user to be able to get connected with minimal configuration. So if you want to remove the check and just always require authentication (unless/until the sysadmin configures it differently), I could agree to that.