ppp.Auth.4 (2010 09)
p
ppp.Auth(4) ppp.Auth(4)
NAME
ppp.Auth - PPP authentication file format
DESCRIPTION
The file
/etc/ppp/Auth
contains values used by HP PPP’s implementation of the link-level authentica-
tion protocols, CHAP (Challenge Handshake Authentication Protocol) and PAP (Password
Authentication Protocol). This implementation of both CHAP and PAP conforms to RFC 1334, PPP
Authentication Protocols.
CHAP is a stronger authentication mechanism and should be used whenever possible, in preference over
PAP.
Format
Each authentication specification is on its own single line of up to 1023 characters. Comments begin with
a
# and extend to the end of the line; blank lines, or lines beginning with a
#, are ignored. Fields are
separated by horizontal white space (blanks or tabs).
If
pppd is using CHAP authentication, the first word on the line must match the peer’s Name as received
in a CHAP Challenge or Response packet and the second word is used for the Secret .If
pppd is using
PAP authentication, the first word on the line must match the
Peer-ID in a transmitted or received PAP
Authenticate-Request packet and the second word is used for the Password. The default value used for
the Name in transmitted CHAP packets or for the Peer-ID in transmitted PAP packets is the hostname (1)
of the machine
pppd is running on.
In the midst of the Name/Peer-ID and Secret/Password strings, ˆx is translated into the appropriate con-
trol character before matching, and
\xxx represents the character corresponding to the octal number xxx.
Other special sequences are:
\s Matches a space character (ASCII 0x20).
\t Matches a horizontal tab character (ASCII 0x09).
\n Matches a line feed character (ASCII 0x0a).
\r Matches a carriage return character (ASCII 0x0d).
The fields have the following meaning:
name The Name field of a sent or received CHAP Challenge or Response message, or the Peer-
ID field of a sent or received PAP Authenticate-Request message. For transmitted pack-
ets, this is the hostname unless overridden by the
pppd name option.
secret The secret word that the peer also knows.
optional address restrictions
A set of zero or more patterns restricting the addresses that we will allow to be used with
the named peer. Patterns are separated by spaces or tabs and are parsed from left to
right. Each pattern may begin with an exclamation mark to indicate that the following
pattern should not be allowed. The rest of the pattern consists of digits and periods, and
optionally a leading or trailing asterisk, which will match anything. If none of the pat-
terns match, then the address will be allowed if the last pattern began with an exclama-
tion point, and will be disallowed otherwise.
This optional address restriction feature is available only for IPv4 addresses.
EXAMPLES
The following
Auth provides pppd with a secret for use when a peer claims to be other-host, robin, or
"Jack’s machine".
#
# Auth - PPP authentication name/secret file
# Format:
#name secret optional address restrictions
other-host secret-key !137.175.9.2 137.175.9.*/0xffffff00
robin dK3ig8G8hs 137.175.11.4
Jack’s\smachine I\sam\sa\sjelly\sdonut.
HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1