System Administration Guide: Resource Management and Network Services

How to Create a PAP Credentials Database (Dial-in Server)

This procedure modifies the /etc/ppp/pap-secrets file, which contains the PAP security credentials that are used to authenticate callers on the link. /etc/ppp/pap-secrets must exist on both machines on a PPP link.

The sample PAP configuration that was introduced in Figure 30–3 uses the login option of PAP. If you plan to use this option, you might also need to update your network's password database. For more information on the login option, refer to Using the login Option With /etc/ppp/pap-secrets.

  1. Assemble a list of all potential trusted callers—people to be granted permission to call the dial-in server from their remote machines.

  2. Verify that each trusted caller already has a UNIX user name and password in the dial-in server's password database.


    Note –

    This is particularly important for the sample PAP configuration, which uses the login option of PAP to authenticate callers. If you choose not to implement login for PAP, the callers' PAP user names do not have to correspond with their UNIX user names. For information on standard /etc/ppp/pap-secrets, refer to /etc/ppp/pap-secrets File.


    Do the following if a potential trusted caller does not have a UNIX user name and password:

    1. For callers that you do not know, confirm with their managers or other system administrators that these remote users are permitted to access the dial-in server.

    2. Create UNIX user names and passwords for these callers in the manner that is directed by your corporate security policy.

  3. Become superuser on the dial-in server, and edit the /etc/ppp/pap-secrets file.

    Solaris PPP 4.0 provides a pap-secrets file in /etc/ppp that contains comments about how to use PAP authentication but no options. You can add the following options at the end of the comments.


    # 
    user1      myserver        ""          *
    user2      myserver        ""          *
    myserver   user2           serverpass  * 
    

    To use the login option of /etc/ppp/pap-secrets, you must type the UNIX user name of each trusted caller. Wherever a set of double quotes ("") appears in the third field, the password for the caller is looked up in the server's password database.

    The entry myserver user2 serverpass * contains the PAP user name and password for the dial-in server. In Figure 30–3, the trusted caller user2 requires authentication from remote peers. Therefore, myserver's /etc/ppp/pap-secrets file contains PAP credentials for use when a link is established with user2.
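
The check in step 2 can be scripted. The following is an added example, not part of the original guide: it lists every caller whose pap-secrets entry relies on the login option ("" in the third field) but who has no account in the password database. The function names, the temporary files, and the passwd contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): list pap-secrets callers that rely on
# the login option ("" in the third field) but have no UNIX account.

# pap_login_orphans SECRETS PASSWD SERVER
#   SECRETS  pap-secrets file to audit
#   PASSWD   passwd-format file (on a live server: output of `getent passwd`)
#   SERVER   PAP name of the dial-in server, for example myserver
pap_login_orphans() {
    awk -v server="$3" '
        /^[ \t]*#/ || NF < 3 { next }        # comments, blank or short lines
        $1 != "*" && ($2 == server || $2 == "*") && $3 == "\"\"" { print $1 }
    ' "$1" | sort -u | while read -r caller; do
        # Exact match on the first colon-separated field of the passwd data.
        awk -F: -v u="$caller" '$1 == u { ok = 1 } END { exit !ok }' "$2" ||
            echo "$caller"
    done
}

# Constructed sample data: the guide's sample entries, plus a passwd file in
# which user2 has not been created yet.
pap_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/pap-secrets" <<'EOF'
#
user1      myserver        ""          *
user2      myserver        ""          *
myserver   user2           serverpass  *
EOF
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
user1:x:1001:10:Trusted caller:/export/home/user1:/bin/sh
EOF
    pap_login_orphans "$dir/pap-secrets" "$dir/passwd" myserver
    rm -rf "$dir"
}

pap_demo    # prints: user2
```

Any name that the script prints is a caller whose login-option entry cannot authenticate until the account exists or the entry is removed.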

Where to Go From Here

Task                                                                    For Instructions
Modify the PPP configuration files to support PAP authentication        Modifying the PPP Configuration Files for PAP (Dial-in Server)
Set up PAP authentication on the dial-out machines of trusted callers   Configuring PAP Authentication for Trusted Callers (Dial-out Machines)