<chapter id="chap-and-pap"> <title ><acronym >PAP</acronym > en <acronym >CHAP</acronym ></title> <para >Vanaf versie 0.9.1, heeft &kppp; direct de meest gebruikelijke vorm van <acronym >PAP</acronym >-authenticatie ondersteund. </para> <sect1 id="pap-with-kppp"> <title ><acronym >PAP</acronym > met &kppp;</title> <para >Er zijn twee verschillende manieren om <acronym >PAP</acronym > te gebruiken.</para> <sect2 id="client-side-authentication"> <title >Client side authentication</title> <para >This variant is used by many commercial <acronym >ISP</acronym >'s. It basically means that you (or rather, your computer) must authenticate yourself to the <acronym >ISP</acronym >'s <acronym >PPP</acronym > server. The <acronym >PPP</acronym > server does not need to authenticate itself to your computer. This is no security issue, as you should know which computer you just tried to dial to.</para> <para >If your <acronym >ISP</acronym > gives you a username and password, and tells you to use <acronym >PAP</acronym > authentication, this is the variant you should choose.</para> </sect2> <sect2 id="two-way-authentication"> <title >Two way authentication</title> <para >As above, but in this case your computer requires the <acronym >ISP</acronym > <acronym >PPP</acronym > server to authenticate itself. In order to establish a connection, you must chose the authentication method <guilabel >Script based</guilabel >, not <guilabel >PAP</guilabel >, and you will have to manually edit <filename >/etc/ppp/pap-secrets</filename >. While &kppp; doesn't provide built in support for this variant, it is nevertheless easy to establish a connection.</para> </sect2> <sect2 id="preparing-kppp-for-pap"> <title >Preparing &kppp; for <acronym >PAP</acronym ></title> <procedure> <step> <para >Make sure that the file <filename >/etc/ppp/options</filename > (and <filename >˜/.ppprc</filename > if it exists) do <emphasis >not</emphasis > contain one of the following arguments:</para> <itemizedlist> <listitem> <para ><option >+pap</option ></para> </listitem> <listitem> <para ><option >-pap</option ></para> </listitem> <listitem> <para ><option >papcrypt</option ></para> </listitem> <listitem> <para ><option >+chap</option ></para> </listitem> <listitem> <para ><option >+chap</option ></para> </listitem> <listitem> <para ><option >+ua</option ></para> </listitem> <listitem> <para ><option >remotename</option ></para> </listitem> </itemizedlist> <para >It is very unlikely that any of these options are already there, but just to be sure, please check.</para> </step> <step> <para >&kppp; opstarten</para> </step> <step> <para >Click <guibutton >Setup</guibutton ></para> </step> <step> <para >Choose the account you want to use <acronym >PAP</acronym > with and click <guibutton >Edit</guibutton ></para> </step> <step> <para >Choose the <guilabel >Dial</guilabel > tab</para> </step> <step> <para >Select <acronym >PAP</acronym > in the <guilabel >Authentication</guilabel > drop down box.</para> </step> <step> <para >If you do not want to retype the password each time you dial in, select <guilabel >Store password</guilabel >. This will save the password to a file, so make sure that nobody else has access to your account.</para> </step> <step> <para >That's it. Close the dialogs, type in the username and password your <acronym >ISP</acronym > supplied, and click <guibutton >Connect</guibutton >.</para> </step> </procedure> </sect2> </sect1> <sect1 id="pap-and-chap-alternate-method"> <title >An alternative method of using <acronym >PAP</acronym > and <acronym >CHAP</acronym > with &kppp;</title> <para >This section is based on an email from Keith Brown <email >kbrown@pdq.net</email > and explains how to make &kppp; work with a generic <acronym >PAP</acronym > or <acronym >CHAP</acronym > account. If your <acronym >ISP</acronym > just gave you a user id and a password for an account, you probably can skip this section, and the instructions in the previous one will be all you need.</para> <para ><acronym >PAP</acronym > seems a lot more complicated at first glance than it really is. The server (the machine you are connecting to) basically tells the client (your machine) to authenticate using <acronym >PAP</acronym >. The client (<application >pppd</application >) looks in a specific file for an entry that contains a matching server name, and a client name for this connection, and then sends the password it finds there. That's about it!</para> <para >Now here's how to make that happen. I am assuming a <acronym >pppd</acronym > version of 2.2.x or better and a standard installation of configuration files under <filename class="directory" >/etc/ppp</filename >.</para> <para >For the purposes of illustration, imagine that you have an internet account with <systemitem >glob.net</systemitem > with the username <systemitem >userbaz</systemitem > and the password <literal >foobar</literal ></para> <para >First, you need to add all this to a file called <filename >/etc/ppp/pap-secrets</filename >. The format of an entry for our purposes is:</para> <screen ><userinput>USERNAME SERVERNAME PASSWORD</userinput></screen> <para >So you would add the following line to <filename >/etc/ppp/pap-secrets</filename > and then save it :</para> <screen ><userinput>userbaz glob foobar</userinput></screen> <note> <para >You can use any name for the server you wish, so long as you use the same name in the <application >pppd</application > arguments, as you'll see shortly. Here it's been shortened to <userinput >glob</userinput >, but this name is only used to locate the correct password.</para> </note> <para >Next you need to set up the connection in &kppp;. The basics are the same as any other connection, so we won't go into details here, except to say that you probably want to make sure that <filename >/etc/ppp/options</filename > is empty, and you don't want to create a login script either.</para> <para >In the &kppp; settings dialog, at the bottom of the <guilabel >Dial</guilabel > tab, is a <guibutton >pppd arguments</guibutton > button. This brings up an editing dialog. Here you can enter values that will be sent to <application >pppd</application > as command line arguments, and in the case of multiple value arguments, you need to enter each value as a separate entry in the listbox, in the correct order.</para> <para >You can put in any other arguments you want first. Then add the arguments that <application >pppd</application > uses to handle <acronym >PAP</acronym > authentication. In this example, we are going to add <userinput >user</userinput >, <userinput >userbaz</userinput >, <userinput >remotename</userinput > and <userinput >glob</userinput > in that order.</para> <para >The <option >user</option > tells the <application >pppd</application > what user name to look for in the <filename >pap-secrets</filename > file and then to send to the server. The remotename is used by <application >pppd</application > to match the entry in the <filename >pap-secrets</filename > file, so again, it can be anything you want so long as it is consistent with the entry in the <filename >pap-secrets</filename > file.</para> <para >That's all there is to it, and you should now be able to set up your own connection to a server with <acronym >PAP</acronym > authentication. <acronym >CHAP</acronym > is not much different. You can see the &Linux; Network Administrators Guide for a <filename >chap-secrets</filename > file format, and the <application >pppd</application > arguments used, and the rest should be simple.</para> </sect1> </chapter>