For remote callers to configure CHAP, ensure that the callers' local CHAP secrets match the callers' equivalent CHAP secrets in the dial-in server's /etc/ppp/chap-secrets file. Then give the callers the tasks in this section for configuring CHAP. Depending on your site's security policy, either you or the trusted callers might be responsible for setting up CHAP authentication.
Perform the following tasks when setting up CHAP authentication for dial-out stystems:
How to Create a CHAP Credentials Database for Dial-In Servers – Create the security credentials for the trusted caller and, if necessary, security credentials for other users who call the dial-out system, in /etc/ppp/chap-secrets
How to Add CHAP Support to the PPP Configuration Files on a Dial-Out System – Add the security credentials for all trusted callers to the /etc/ppp/chap-secrets file
This procedure shows how to set up CHAP credentials for two trusted callers. The steps in the procedure assume that you, the system administrator, are creating the CHAP credentials on the trusted callers' dial-out systems.
For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.
Using the sample CHAP configuration in Example of a Configuration Using CHAP Authentication, assume that the dial-out system belongs to trusted caller account1.
This release includes an /etc/ppp/chap-secrets file that has helpful comments but no options. You can add the following options to the existing /etc/ppp/chap-secrets file.
account1 CallServe key123 *
CallServe is the name for the peer that account1 is trying to reach. key123 is the CHAP secret to be used for links between account1 and CallServer.
For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.
Assume that this system belongs to caller account2.
account2 CallServe key456 *
Now, account2 has secret key456 as its CHAP credentials for use over links to peer CallServe.
See Also