test

System Administration Guide: Resource Management and Network Services

/etc/ppp/pap-secrets File

The PAP database is implemented in the /etc/ppp/pap-secrets file. Machines on both sides of the PPP link must have properly configured PAP credentials in their /etc/ppp/pap-secrets files for successful authentication. The caller (authenticatee) supplies credentials in the user and password columns of the /etc/ppp/pap-secrets file or in the obsolete +ua file. The server (authenticator) validates these credentials against information in /etc/ppp/pap-secrets, through the UNIX passwd database, or the PAM facility.

The /etc/ppp/pap-secrets file has the following syntax.

Table 36-5 Syntax of /etc/ppp/pap-secrets

Caller 

Server 

Password 

IP Addresses 

myclient

ISP-server

mypassword

The parameters have the following meaning:

myclient

PAP user name of the caller. Often this name is identical to the caller's UNIX user name, particularly if the dial-in server uses the login option of PAP.

ISP-server

Name of the remote machine, often a dial-in server. 

mypassword

Caller's PAP password. 

IP address

IP address that is associated with the caller. Use an asterisk (*) to indicate any IP address. 

Creating PAP Passwords

PAP passwords are sent over the link in the clear (in readable ASCII format). For the caller (authenticatee), the PAP password must be stored in the clear in any of the following locations:

On the server (authenticator), the PAP password can be hidden by doing one of the following: