<HTML ><HEAD ><TITLE >The CHAP secrets file</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ "><LINK REL="HOME" TITLE="Linux PPP HOWTO" HREF="index.html"><LINK REL="UP" TITLE="If your PPP server uses PAP (Password Authentication Protocol)" HREF="pap.html"><LINK REL="PREVIOUS" TITLE="The PAP secrets file" HREF="x1034.html"><LINK REL="NEXT" TITLE="Handling multiple PAP-authenticated connections" HREF="x1071.html"></HEAD ><BODY CLASS="SECT1" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" ><A HREF="http://www.linuxports.com/howto/ppp" TARGET="_top" >Linux PPP HOWTO</A ></TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="x1034.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" >Chapter 16. If your PPP server uses PAP (Password Authentication Protocol)</TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="x1071.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A NAME="AEN1053">16.4. The CHAP secrets file</H1 ><P >This requires that you have mutual authentication methods - that is you must allow for both your machine to authenticate the remote server <EM >AND</EM > the remote server to authenticate your machine.</P ><P >So, if your machine is <TT CLASS="LITERAL" >fred</TT > and the remote is <TT CLASS="LITERAL" >barney</TT >, your machine would set <TT CLASS="LITERAL" >name fred remotename barney</TT > and the remote machine would set <TT CLASS="LITERAL" >name barney remotename fred</TT > in their respective <TT CLASS="LITERAL" >/etc/ppp/options.ttySx</TT > files.</P ><P >The <TT CLASS="LITERAL" >/etc/chap-secrets</TT > file for fred would look like <TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" ># Secrets for authentication using CHAP # client server secret acceptable local IP addresses fred barney flintstone barney fred wilma</PRE ></FONT ></TD ></TR ></TABLE > </P ><P >and for barney</P ><P > <TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" ># Secrets for authentication using CHAP # client server secret acceptable local IP addresses barney fred flintstone fred barney wilma</PRE ></FONT ></TD ></TR ></TABLE > </P ><P >Note in particular that both machines must have entries for bidirectional authentication. This allows the local machine to authenticate itself to the remote <EM >AND</EM > the remote machine to authenticate itself to the local machine.</P ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="x1034.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="x1071.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >The PAP secrets file</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="pap.html" ACCESSKEY="U" >Up</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >Handling multiple PAP-authenticated connections</TD ></TR ></TABLE ></DIV ></BODY ></HTML >