<HTML
><HEAD
><TITLE
>The PAP/CHAP secrets file</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.52"><LINK
REL="HOME"
TITLE="Linux PPP HOWTO"
HREF="index.html"><LINK
REL="UP"
TITLE="If your PPP server uses PAP (Password Authentication
Protocol)"
HREF="pap.html"><LINK
REL="PREVIOUS"
TITLE="If your PPP server uses PAP (Password Authentication
Protocol)"
HREF="pap.html"><LINK
REL="NEXT"
TITLE="The PAP secrets file"
HREF="x1034.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN1005"
>16.2. The PAP/CHAP secrets file</A
></H1
><P
>If you are using PAP or CHAP authentication, then you also need to
create the secrets file. The two files are:

<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
>/etc/ppp/pap-secrets
/etc/ppp/chap-secrets</PRE
></TD
></TR
></TABLE
> </P
><P
>They must be owned by user root, group root and have file permissions
740 for security.</P
><P
>The first point to note about PAP and CHAP is that they are designed to
authenticate <I
CLASS="EMPHASIS"
>computer systems</I
>, not <I
CLASS="EMPHASIS"
>users</I
>.</P
><P
>Huh? What's the difference? I hear you ask.</P
><P
>Well now, once your computer has made its PPP connection to the server,
<I
CLASS="EMPHASIS"
>ANY</I
> user on your system can use that connection - not just you.
This is why you can set up a WAN (wide area network) link that joins two
LANs (local area networks) using PPP.</P
><P
>PAP can (and CHAP <I
CLASS="EMPHASIS"
>DOES</I
>) require <I
CLASS="EMPHASIS"
>bidirectional</I
>
authentication - that is, a valid name and secret are required on each
computer for the other computer involved. However, this is <I
CLASS="EMPHASIS"
>NOT</I
> the
way most PPP servers offering dial-up PPP PAP-authenticated connections
operate. </P
><P
>That being said, your ISP will probably have given you a user name and
password to allow you to connect to their system and thence the
Internet. Your ISP is not interested in your computer's name at all, so
you will probably need to use the user name at your ISP as the name for
your computer.</P
><P
>This is done using the <TT
CLASS="LITERAL"
>name username</TT
> option to pppd. So, if you are
to use the user name given you by your ISP, add the line

<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="PROGRAMLISTING"
>name your_username_at_your_ISP</PRE
></TD
></TR
></TABLE
> </P
><P
>to your <TT
CLASS="LITERAL"
>/etc/ppp/options</TT
> file.</P
><P
>Technically, you should really use <TT
CLASS="LITERAL"
>user our_username_at_your_ISP</TT
>
for PAP, but pppd is sufficiently intelligent to interpret <TT
CLASS="LITERAL"
>name</TT
> as
<TT
CLASS="LITERAL"
>user</TT
> if it is required to use PAP. The advantage of using the <TT
CLASS="LITERAL"
>name</TT
>
option is that this is also valid for CHAP.</P
><P
>As PAP is for authenticating <I
CLASS="EMPHASIS"
>computers</I
>, technically you also
need to specify a remote computer name. However, as most people only
have one ISP, you can use a wild card (*) for the remote host name in
the secrets file.</P
><P
>It is also worth noting that many ISPs operate multiple modem banks
connected to different terminal servers - each with a different name,
but ACCESSED from a single (rotary) dial-in number. It can therefore be
quite difficult in some circumstances to know ahead of time what the
name of the remote computer is, as this depends on which terminal server
you connect to!</P
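><DIV
>The ownership and permission rule and the wildcard remote name described above can be checked with a short script. This is an added example, not part of the original HOWTO: the function names are hypothetical, it assumes GNU stat and the usual pppd secrets layout of client, server and secret on each line, and it accepts any mode that grants nothing beyond 740.

```shell
#!/bin/sh
# Added example: audit a pppd secrets file against the rules in this section.
# Assumes GNU stat (-c). Owner and group default to root but can be
# overridden so the check can be tried on a scratch file.

# check_secrets_file FILE [OWNER] [GROUP]
# Returns 0 when FILE is a regular file with the expected owner and group
# and grants no permission bit outside mode 740; otherwise prints the
# reason(s) and returns 1.
check_secrets_file() {
    file=$1 want_user=${2:-root} want_group=${3:-root}

    # Refuse symlinks and non-regular files rather than following them.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "$file: not a regular file"
        return 1
    fi

    mode=$(stat -c '%a' "$file") || return 1
    user=$(stat -c '%U' "$file")
    group=$(stat -c '%G' "$file")

    status=0
    if [ "$user" != "$want_user" ] || [ "$group" != "$want_group" ]; then
        echo "$file: owned by $user:$group, expected $want_user:$want_group"
        status=1
    fi
    # 07037 = setuid/setgid/sticky, group write and execute, every "other"
    # bit: everything that mode 740 does not grant.
    if [ $(( 0$mode & 07037 )) -ne 0 ]; then
        echo "$file: mode $mode grants more than 740"
        status=1
    fi
    return $status
}

# wildcard_clients FILE
# Prints the client (local) name of each entry whose server field is the
# bare "*" wildcard. Comment and blank lines are skipped and the secret
# field is never printed.
wildcard_clients() {
    awk '!/^[ \t]*(#|$)/ && $2 == "*" { n = $1; gsub(/"/, "", n); print n }' "$1"
}
```

Run it as root so the files can be read, calling check_secrets_file and wildcard_clients on /etc/ppp/pap-secrets and /etc/ppp/chap-secrets in turn.</DIV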
></DIV
></BODY
></HTML
>