NAME [Toc] [Back]
ppp.Auth - PPP authentication file format
DESCRIPTION [Toc] [Back]
The file /etc/ppp/Auth contains values used by HP PPP's implementation
of the link-level authentication protocols, CHAP (Challenge Handshake
Authentication Protocol) and PAP (Password Authentication Protocol).
This implementation of both CHAP and PAP conforms to RFC 1334, PPP
CHAP is a stronger authentication mechanism and should be used
whenever possible, in preference over PAP.
Format [Toc] [Back]
Each authentication specification is on its own single line of up to
1023 characters. Comments begin with a `#' and extend to the end of
the line; blank lines, or lines beginning with a `#', are ignored.
Fields are separated by horizontal white space (blanks or tabs).
If pppd is using CHAP authentication, the first word on the line must
match the peer's Name as received in a CHAP Challenge or Response
packet and the second word is used for the Secret. If pppd is using
PAP authentication, the first word on the line must match the Peer-ID
in a transmitted or received PAP Authenticate-Request packet and the
second word is used for the Password. The default value used for the
Name in transmitted CHAP packets or for the Peer-ID in transmitted PAP
packets is the hostname(1) of the machine pppd is running on.
In the midst of the Name/Peer-ID and Secret/Password strings, ^x is
translated into the appropriate control character before matching, and
\xxx represents the character corresponding to the octal number xxx.
Other special sequences are:
\s Matches a space character (ASCII 0x20).
\t Matches a horizontal tab character (ASCII 0x09).
\n Matches a line feed character (ASCII 0x0a).
\r Matches a carriage return character (ASCII 0x0d).
The fields have the following meaning:
name The Name field of a sent or received CHAP Challenge or
Response message, or the Peer-ID field of a sent or
received PAP Authenticate-Request message. For
transmitted packets, this is the hostname unless
overridden by the pppd name option.
secret The secret word that the peer also knows.
Hewlett-Packard Company - 1 - HP-UX 11i Version 2: August 2003
optional address restrictions
A set of zero or more patterns restricting the
addresses that we will allow to be used with the named
peer. Patterns are separated by spaces or tabs and are
parsed from left to right. Each pattern may begin with
an exclamation mark to indicate that the following
pattern should not be allowed. The rest of the pattern
consists of digits and periods, and optionally a
leading or trailing asterisk, which will match
anything. If none of the patterns match, then the
address will be allowed if the last pattern began with
an exclamation point, and will be disallowed otherwise.
EXAMPLE [Toc] [Back]
The following Auth provides pppd with a secret for use when a peer
claims to be other-host, robin, or `Jack's machine'.
# Auth - PPP authentication name/secret file
#name secret optional address restrictions
other-host secret-key !22.214.171.124 137.175.9.*/0xffffff00
robin dK3ig8G8hs 126.96.36.199
SECURITY CONCERNS [Toc] [Back]
The file /etc/ppp/Auth should be mode 600 or 400, and owned by root.
AUTHOR [Toc] [Back]
ppp.Auth was developed by the Progressive Systems.
SEE ALSO [Toc] [Back]
ppp.Devices(4), ppp.Dialers(4), ppp.Filter(4), ppp.Keys(4),
ppp.Systems(4), services(4), pppd(1), RFC 792, RFC 1548, RFC 1332, RFC
Hewlett-Packard Company - 2 - HP-UX 11i Version 2: August 2003 [ Back ]