<HTML ><HEAD ><TITLE >The PAP/CHAP secrets file</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ "><LINK REL="HOME" TITLE="Linux PPP HOWTO" HREF="index.html"><LINK REL="UP" TITLE="If your PPP server uses PAP (Password Authentication Protocol)" HREF="pap.html"><LINK REL="PREVIOUS" TITLE="Using MSCHAP" HREF="x994.html"><LINK REL="NEXT" TITLE="The PAP secrets file" HREF="x1034.html"></HEAD ><BODY CLASS="SECT1" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" ><A HREF="http://www.linuxports.com/howto/ppp" TARGET="_top" >Linux PPP HOWTO</A ></TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="x994.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" >Chapter 16. If your PPP server uses PAP (Password Authentication Protocol)</TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="x1034.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A NAME="AEN1005">16.2. The PAP/CHAP secrets file</H1 ><P >If you are using pap or chap authentication, then you also need to create the secrets file. These are: <TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" >/etc/ppp/pap-secrets /etc/ppp/chap-secrets</PRE ></FONT ></TD ></TR ></TABLE > </P ><P >They must be owned by user root, group root and have file permissions 740 for security.</P ><P >The first point to note about PAP and CHAP is that they are designed to authenticate <EM >computer systems</EM > not <EM >users</EM >.</P ><P >Huh? What's the difference? I hear you ask.</P ><P >Well now, once your computer has made its PPP connection to the server, <EM >ANY</EM > user on your system can use that connection - not just you. This is why you can set up a WAN (wide area network) link that joins two LANs (local area networks) using PPP.</P ><P >PAP can (and for CHAP <EM >DOES</EM >) require <EM >bidirectional</EM > authentication - that is a valid name and secret is required on each computer for the other computer involved. However, this is <EM >NOT</EM > the way most PPP servers offering dial-up PPP PAP-authenticated connections operate. </P ><P >That being said, your ISP will probably have given you a user name and password to allow you to connect to their system and thence the Internet. Your ISP is not interested in your computer's name at all, so you will probably need to use the user name at your ISP as the name for your computer.</P ><P >This is done using the <TT CLASS="LITERAL" >name user name</TT > option to pppd. So, if you are to use the user name given you by your ISP, add the line <TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" >name your_user name_at_your_ISP</PRE ></FONT ></TD ></TR ></TABLE > </P ><P >to your <TT CLASS="LITERAL" >/etc/ppp/options</TT > file.</P ><P >Technically, you should really use <TT CLASS="LITERAL" >user our_user name_at_your_ISP</TT > for PAP, but pppd is sufficiently intelligent to interpret <TT CLASS="LITERAL" >name</TT > as <TT CLASS="LITERAL" >user</TT > if it is required to use PAP. The advantage of using the <TT CLASS="LITERAL" >name</TT > option is that this is also valid for CHAP.</P ><P >As PAP is for authenticating <EM >computers</EM >, technically you need also to specify a remote computer name. However, as most people only have one ISP, you can use a wild card (*) for the remote host name in the secrets file.</P ><P >It is also worth noting that many ISPs operate multiple modem banks connected to different terminal servers - each with a different name, but ACCESSED from a single (rotary) dial in number. It can therefore be quite difficult in some circumstances to know ahead of time what the name of the remote computer is, as this depends on which terminal server you connect to!</P ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="x994.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="x1034.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >Using MSCHAP</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="pap.html" ACCESSKEY="U" >Up</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >The PAP secrets file</TD ></TR ></TABLE ></DIV ></BODY ></HTML >