This procedure modifies the /etc/ppp/pap-secrets file, which contains the PAP security credentials that are used to authenticate callers on the link. /etc/ppp/pap-secrets must exist on both machines on a PPP link.
The sample PAP configuration that was introduced in Figure 26–3 uses the login option of PAP. If you plan to use this option, you might also need to update your network's password database. For more information on the login option, refer to Using the login Option With /etc/ppp/pap-secrets.
Assemble a list of all potential trusted callers. Trusted callers are people to be granted permission to call the dial-in server from their remote machines.
Verify that each trusted caller already has a UNIX user name and password in the dial-in server's password database.
Verification is particularly important for the sample PAP configuration, which uses the login option of PAP to authenticate callers. If you choose not to implement login for PAP, the callers' PAP user names do not have to correspond with their UNIX user names. For information on standard /etc/ppp/pap-secrets, refer to /etc/ppp/pap-secrets File.
Do the following if a potential trusted caller does not have a UNIX user name and password:
Become superuser on the dial-in server, and edit the /etc/ppp/pap-secrets file.
Solaris PPP 4.0 provides a pap-secrets file in /etc/ppp that contains comments about how to use PAP authentication but no options. You can add the following options at the end of the comments.
# user1 myserver "" * user2 myserver "" * myserver user2 serverpass * |
To use the login option of /etc/ppp/pap-secrets, you must type the UNIX user name of each trusted caller. Wherever a set of double quotes (““) appears in the third field, the password for the caller is looked up in the server's password database.
The entry myserver * serverpass * contains the PAP user name and password for the dial-in server. In Figure 26–3, the trusted caller user2 requires authentication from remote peers. Therefore, myserver's /etc/ppp/pap-secrets file contains PAP credentials for use when a link is established with user2.
Task |
For Instructions |
---|---|
Modify the PPP configuration files to support PAP authentication |
Modifying the PPP Configuration Files for PAP (Dial-in Server) |
Set up PAP authentication on the dial-out machines of trusted callers |
Configuring PAP Authentication for Trusted Callers (Dial-out Machines) |