The procedure uses as examples the PPP configuration files that were introduced in How to Define Communications Over the Serial Line (Dial-in Server).
Log in as superuser on the dial-in server or assume an equivalent role.
Add authentication options to the /etc/ppp/options file.
For example, you would add the options in bold to an existing /etc/ppp/options file to implement PAP authentication:
lock auth login nodefaultroute proxyarp ms-dns 10.0.0.1 idle 120
Indicates that no pppd session on the local system can establish a default route without root privileges.
Adds an entry to the system's Address Resolution Protocol (ARP) table that specifies the IP address of the peer and the Ethernet address of the system. With this option the peer appears to be on the local Ethernet to other systems.
Enables pppd to supply a Domain Name Server (DNS) address, 10.0.0.1, for the client
Specifies that idle users are disconnected after two minutes.
In the /etc/ppp/options.cua.a file, add the following address for the cua/a user.
In the /etc/ppp/options.cua.b file, add the following address for the cua/b user.
In the /etc/ppp/pap-secrets file, add the following entry.
* * "" *
The login option, as previously described, supplies the necessary user authentication. This entry in the /etc/ppp/pap-secrets file is the standard way of enabling PAP with the login option.
To configure PAP authentication credentials for trusted callers of the dial-in server, refer to Configuring PAP Authentication for Trusted Callers (Dial-out Machines).