How to Create a CHAP Credentials Database (Dial-in Server)
-
Assemble a list that contains the user names of all trusted callers. Trusted callers include all people who have been granted permission to call the private network.
-
Assign each user a CHAP secret.
Note –Be sure to choose a good CHAP secret that is not easily guessed. No other restrictions are placed on the CHAP secret's contents.
The method for assigning CHAP secrets depends on your site's security policy. Either you have the responsibility for creating the secrets, or the callers must create their own secrets. If you are not responsible for CHAP secret assignment, be sure to get the CHAP secrets that were created by, or for, each trusted caller.
-
Become superuser on the dial-in server, and modify the /etc/ppp/chap-secrets file.
Solaris PPP 4.0 includes an /etc/ppp/chap-secrets file that contains helpful comments but no options. You can add the following options for the server CallServe at the end of the existing /etc/ppp/chap-secrets file.
account1 CallServe key123 * account2 CallServe key456 *
key123 is the CHAP secret for trusted caller account1. key456 is the CHAP secret for trusted caller account2.
Where to Go From Here
|
Task |
For Instructions |
|---|---|
|
Create CHAP credentials for additional trusted callers | |
|
Update the PPP configuration files to support CHAP |
How to Add CHAP Support to the PPP Configuration Files (Dial-in Server) |
|
Set up CHAP authentication on the dial-out machines of trusted callers |
Configuring CHAP Authentication for Trusted Callers (Dial-out Machines) |
- © 2010, Oracle Corporation and/or its affiliates