This section contains tasks for setting up PAP authentication on the dial-out systems of trusted callers. As system administrator, you can set up PAP authentication on the systems before distribution to prospective callers. Or, if the remote callers already have their systems, you can give these callers the tasks in this section.
Perform the following tasks when setting up PAP-related tasks for the dial-out system:
Planning for Authentication on a Link – Collect user names and other data that is needed for authentication
How to Configure PAP Authentication Credentials for the Trusted Callers – Create the security credentials for the trusted caller and, if necessary, security credentials for other users who call the dial-out system, in /etc/ppp/pap-secrets
How to Add PAP Support to the PPP Configuration Files on Dial-Out Systems – Add options specific to PAP to the /etc/ppp/options and /etc/ppp/peers/peer-name files
This procedure shows how to set up PAP credentials for two trusted callers, one of which requires authentication credentials from remote peers. The steps in the procedure assume that you, the system administrator, are creating the PAP credentials on the trusted callers' dial-out systems.
For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.
Using the sample PAP configuration that was introduced in Example of a PAP Authentication Scenario (Working From Home), assume that the dial-out system belongs to user1.
This release provides an /etc/ppp/pap-secrets file that contains helpful comments but no options. You can add the following options to this /etc/ppp/pap-secrets file.
user1 myserver pass1 *
Note that user1's password pass1 is passed in readable ASCII form over the link. myserver is caller user1's name for the peer.
For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.
Using the PAP authentication example, assume that this dial-out system belongs to the caller user2.
You can add the following options to the end of the existing /etc/ppp/pap-secrets file.
user2 myserver pass2 * myserver user2 serverpass *
In this example, /etc/ppp/pap-secrets has two entries. The first entry contains the PAP security credentials that user2 passes to dial-in server myserver for authentication.
user2 requires PAP credentials from the dial-in server as part of link negotiation. Therefore, the /etc/ppp/pap-secrets also contains PAP credentials that are expected from myserver on the second line.
See Also
How to Create a PAP Credentials Database for a Dial-In Server