How to Create a CHAP Credentials Database (Dial-in Server)

1. Assemble a list that contains the user names of all trusted callers. Trusted callers include all people who have been granted permission to call the private network.

2. Assign each user a CHAP secret.

   ---

   Note –

   Be sure to choose a good CHAP secret that is not easily guessed. No other restrictions are placed on the CHAP secret's contents.

   ---

   The method for assigning CHAP secrets depends on your site's security policy. Either you have the responsibility for creating the secrets, or the callers must create their own secrets. If you are not responsible for CHAP secret assignment, be sure to get the CHAP secrets that were created by, or for, each trusted caller.

3. Become superuser on the dial-in server or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services. To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

4. Modify the /etc/ppp/chap-secrets file.

   Solaris PPP 4.0 includes an /etc/ppp/chap-secrets file that contains helpful comments but no options. You can add the following options for the server CallServe at the end of the existing /etc/ppp/chap-secrets file.

   account1 CallServe key123 * account2 CallServe key456 *

   key123 is the CHAP secret for trusted caller account1.

   key456 is the CHAP secret for trusted caller account2.

See Also

The following list provides references to related information.

• How to Create a CHAP Credentials Database (Dial-in Server)

• How to Add CHAP Support to the PPP Configuration Files (Dial-in Server)

• Configuring CHAP Authentication for Trusted Callers (Dial-out Machines)