test

System Administration Guide: Network Services

ProcedureHow to Configure PAP Authentication Credentials for the Trusted Callers

This procedure shows how to set up PAP credentials for two trusted callers, one of which requires authentication credentials from remote peers. The steps in the procedure assume that you, the system administrator, are creating the PAP credentials on the trusted callers' dial-out machines.

  1. Become superuser on a dial-out machine or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

    Using the sample PAP configuration that was introduced in Figure 16–3, assume that the dial-out machine belongs to user1.

  2. Modify the pap-secrets database for the caller.

    Solaris PPP 4.0 provides an /etc/ppp/pap-secrets file that contains helpful comments but no options. You can add the following options to this /etc/ppp/pap-secrets file.


    user1    myserver  pass1    *

    Note that user1's password pass1 is passed in readable ASCII form over the link. myserver is caller user1's name for the peer.

  3. Become superuser on another dial-out machine or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

    Using the PAP authentication example, assume that this dial-out machine belongs to the caller user2.

  4. Modify the pap-secrets database for the caller.

    You can add the next options to the end of the existing /etc/ppp/pap-secrets file.


    user2     myserver   pass2       *
myserver  user2      serverpass  *

    In this example, /etc/ppp/pap-secrets has two entries. The first entry contains the PAP security credentials that user2 passes to dial-in server myserver for authentication.

    user2 requires PAP credentials from the dial-in server as part of link negotiation. Therefore, the /etc/ppp/pap-secrets also contains PAP credentials that are expected from myserver on the second line.

    Note –

    Because most ISPs do not supply authentication credentials, the previous scenario might be unrealistic for communications with an ISP.

See Also

The following list provides references to related information.