Perform the following tasks when setting up CHAP authentication for dial-In servers:
How to Create a CHAP Credentials Database for Dial-In Servers – Create, or have the callers create, their CHAP secrets. Add the security credentials for all trusted callers to the /etc/ppp/chap-secrets file.
How to Add CHAP Support to the PPP Configuration Files on a Dial-In Server – Add options specific to CHAP to the /etc/ppp/options and /etc/ppp/peers/peer-name files
The first task in setting up CHAP authentication is modifying the /etc/ppp/chap-secrets file. This file contains the CHAP security credentials, including the CHAP secret, that are used to authenticate callers on the link.
The following procedure implements CHAP authentication for a dial-in server in a private network. The PPP link is the only connection to the outside world. The only callers who can access the network have been granted permission by managers of the network, possibly including the system administrator.