ppp.Auth - PPP
authentication file format
The file /usr/lib/mstppp/Auth on SCO systems contains values used by MST PPPs implementation of the link-level authentication protocols, CHAP (Challenge Handshake Authentication Protocol) and PAP (Password Authentication Protocol). This implementation of both CHAP and PAP conforms to RFC 1334, PPP Authentication Protocols.
CHAP is a stronger authentication mechanism. Use CHAP whenever possible instead of PAP. Earlier versions of MST PPP provided interoperability with draft versions of CHAP pppd s oldchap or olderchap command line options. However, these options are long out of date and have been eliminated from this version of the software.
The file /usr/lib/mstppp / Auth should be mode 600 or 400, and owned by root.
-
Each authentication specification is on its own single line of up to 1023 characters.
-
Comments begin with a#' and extend to the end of the line. Blank lines, or lines beginning with a `#', are ignored. Fields are separated by horizontal white space through the use of blanks or tabs.
-
If pppd is using CHAP authentication, the first word on the line must match the peer's Name as received in a CHAP Challenge or Response packet and the second word is used for the Secret .
-
If pppd is using PAP authentication, the first word on the line must match the Peer-ID in a transmitted or received PAP Authenticate-Request packet and the second word is used for the Password.
-
The default value used for the Name in transmitted CHAP packets or for the Peer-ID in transmitted PAP packets is the hostname (1) of the machine pppd is running on.
In the midst of the Name/Peer-ID and Secret/Password strings, ^x is translated into the appropriate control character before matching, and \xxx represents the character corresponding to the octal number xxx . Other special sequences are:
- \s
-
Matches a space character (ASCII 0x20)
- \t
-
Matches a horizontal tab character (ASCII 0x09)
- \n
-
Matches a line feed character (ASCII 0x0a)
- \r
-
Matches a carriage return character (ASCII 0x0d)
The fields have the following meaning:
- name
-
The Name field of a sent or received CHAP Challenge or Response message, or the Peer-ID field of a sent or received PAP Authenticate-Request message. For transmitted packets, this is the hostname unless overridden by the pppd name option.
- secret
-
The secret word that the peer also knows.
- optional address restrictions
-
A set of zero or more patterns restricting the addresses that are allowed to be used with the named peer. Patterns are separated by spaces or tabs and are parsed from left to right.
Each pattern may begin with an exclamation mark to indicate that the following pattern should not be allowed.
The rest of the pattern consists of digits and periods, and optionally a leading or trailing asterisk, which will match anything. If none of the patterns match, then the address will be allowed if the last pattern began with an exclamation point, and will be disallowed otherwise.
If the optional address restriction field consists of only a single address, it replaces the destination address configured on the command line.
The following
Auth
provides
pppd
with a secret for use when a peer claims to be other-host, robin, orJack's machine'.
#
# Auth - PPP authentication name/secret file
# Format:
#name secret optional address restrictions
other-host secret-key !137.175.9.2 37.175.9.*/0xffffff00
robin dK3ig8G8hs 137.175.11.4
Jack's\smachine I\sam\sa\sjelly\sdonut.
tun(MST_PPP), ppp.Devices
(MST_PPP), ppp.Dialers
(MST_PPP), ppp.Filter
(MST_PPP), ppp.Keys
(MST_PPP), ppp.Systems
(MST_PPP), pppd
(MST_PPP), RFC
792, RFC 1661
, RFC 1332, RFC 1334
.
Brian Lloyd and William A. Simpson, "The PPP
Authentication Protocols," Internet
Draft, May 1992.
Copyright 1991, 1992, 1993, 1994, 1995, 1996 Morning Star Technologies Inc.; all rights reserved.