HP-UX Reference (11i v1 00/12) - 4 File Formats (vol 8)

ppp.Auth(4) ppp.Auth(4)
NAME
ppp.Auth - PPP authentication file format
DESCRIPTION
The file /etc/ppp/Auth contains values used by HP PPP’s implementation of the link-level
authentication protocols, CHAP (Challenge Handshake Authentication Protocol) and PAP (Password
Authentication Protocol). This implementation of both CHAP and PAP conforms to RFC 1334, PPP
Authentication Protocols.
CHAP is a stronger authentication mechanism and should be used in preference to PAP whenever possible.
Format
Each authentication specification is on its own single line of up to 1023 characters. Comments begin with a
‘#’ and extend to the end of the line; blank lines, or lines beginning with a ‘#’, are ignored. Fields are
separated by horizontal white space (blanks or tabs).
If pppd is using CHAP authentication, the first word on the line must match the peer’s Name as received
in a CHAP Challenge or Response packet and the second word is used for the Secret. If pppd is using PAP
authentication, the first word on the line must match the Peer-ID in a transmitted or received PAP
Authenticate-Request packet and the second word is used for the Password. The default value used for the
Name in transmitted CHAP packets or for the Peer-ID in transmitted PAP packets is the hostname(1) of
the machine pppd is running on.
In the midst of the Name/Peer-ID and Secret/Password strings, ^x is translated into the appropriate control
character before matching, and \xxx represents the character corresponding to the octal number xxx.
Other special sequences are:
\s Matches a space character (ASCII 0x20).
\t Matches a horizontal tab character (ASCII 0x09).
\n Matches a line feed character (ASCII 0x0a).
\r Matches a carriage return character (ASCII 0x0d).
The fields have the following meaning:
name    The Name field of a sent or received CHAP Challenge or Response message, or the Peer-ID
        field of a sent or received PAP Authenticate-Request message. For transmitted packets,
        this is the hostname unless overridden by the pppd name option.
secret  The secret word that the peer also knows.
optional address restrictions
        A set of zero or more patterns restricting the addresses that we will allow to be used with
        the named peer. Patterns are separated by spaces or tabs and are parsed from left to right.
        Each pattern may begin with an exclamation mark to indicate that the following pattern
        should not be allowed. The rest of the pattern consists of digits and periods, and optionally
        a leading or trailing asterisk, which will match anything. If none of the patterns match,
        then the address will be allowed if the last pattern began with an exclamation point, and
        will be disallowed otherwise.
EXAMPLE
The following Auth provides pppd with a secret for use when a peer claims to be other-host, robin, or
‘Jack’s machine’.
    #
    # Auth - PPP authentication name/secret file
    # Format:
    # name secret optional address restrictions
    other-host secret-key !137.175.9.2 137.175.9.*/0xffffff00
    robin dK3ig8G8hs 137.175.11.4
    Jack's\smachine I\sam\sa\sjelly\sdonut.
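The following Python sketch is an added example, not part of the HP-UX manual or of HP PPP's own code: it parses entries in the format described above, expands the escape sequences, and evaluates the address restrictions for a candidate peer address. The sample entries are constructed. Treating ^x as conventional caret notation, letting the first matching pattern decide, allowing any address when an entry has no patterns, and not interpreting the /0xffffff00 suffix seen in the manual's example are assumptions, since the page does not define them.

```python
import re

# Constructed sample entries (not a real Auth file); addresses are documentation ranges.
SAMPLE = r"""# constructed sample
branch-gw  s3cret\sphrase  !192.0.2.7 192.0.2.*
lab\040host  k^Gey
kiosk  pw  !198.51.100.*
"""

_NAMED = {"s": " ", "t": "\t", "n": "\n", "r": "\r"}
_ESC = re.compile(r"\\([0-7]{1,3})|\\([stnr])|\^(.)")

def decode_field(raw):
    """Expand octal, named and ^x escapes in a name or secret field."""
    def sub(m):
        if m.group(1):
            return chr(int(m.group(1), 8))
        if m.group(2):
            return _NAMED[m.group(2)]
        # Assumption: usual caret notation (^A = 0x01, ^? = 0x7f).
        return chr(ord(m.group(3).upper()) ^ 0x40)
    return _ESC.sub(sub, raw)

def _matches(body, addr):
    # Only a leading or trailing asterisk is a wildcard, as the manual states.
    if body.startswith("*"):
        return addr.endswith(body[1:])
    if body.endswith("*"):
        return addr.startswith(body[:-1])
    return addr == body

def parse_auth(text):
    """Return {name: (secret, [patterns])} from Auth file text."""
    entries = {}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()  # drop comment, split on blanks/tabs
        if len(words) >= 2:
            entries[decode_field(words[0])] = (decode_field(words[1]), words[2:])
    return entries

def address_allowed(patterns, addr):
    """Apply the address restrictions left to right."""
    if not patterns:
        return True  # assumption: no patterns means no restriction
    for pat in patterns:
        if _matches(pat.lstrip("!"), addr):
            return not pat.startswith("!")  # assumption: first match decides
    # No pattern matched: allowed only if the last pattern began with "!".
    return patterns[-1].startswith("!")
```

Note that an entry whose only patterns are "!" exclusions admits every other address, while an entry ending in a plain pattern rejects everything it does not list.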
SECURITY CONCERNS
The file /etc/ppp/Auth should be mode 600 or 400, and owned by root.
HP-UX Release 11i: December 2000