If you are using pap or chap authentication, then you also need to create the secrets file. These are:
The first point to note about PAP and CHAP is that they are designed to authenticate computer systems not users.
"Huh? What's the difference?" I hear you ask.
Well now, once your computer has made its PPP connection to the server, ANY user on your system can use that connection - not just you. This is why you can set up a WAN (wide area network) link that joins two LANs (local area networks) using PPP.
That being said, your ISP will probably have given you a username and password to allow you to connect to their system and thence the Internet. Your ISP is not interested in your computer's name at all, so you will probably need to use the username at your ISP as the name for your computer.
This is done using the
name username option to pppd. So, if you are
to use the username given you by your ISP, add the line
Technically, you should really use
for PAP, but pppd is sufficiently intelligent to interpret
user if it is required to use PAP. The advantage of using the
option is that this is also valid for CHAP.
As PAP/CHAP are for authenticating computers, technically you need also to specify a remote computer name. However, as most people only have one ISP, you can use a wild card (*) for the remote host name in the secrets file.
It is also worth noting that many ISPs operate multiple modem banks connected to different terminal servers - each with a different name, but ACCESSED from a single (rotary) dial in number. It can therefore be quite difficult in some circumstances to know ahead of time what the name of the remote computer is!
/etc/ppp/pap-secrets file looks like
# Secrets for authentication using PAP # client server secret acceptable local IP addresses
The four fields are white space delimited.
Suppose your ISP gave you a username of
fred and a password of
flintstone you would set the
name fred option in
/etc/ppp/options.ttySx and set up your
/etc/ppp/pap-secrets file as follows
# Secrets for authentication using PAP # client server secret acceptable local IP addresses fred * flintstone
This says for the local machine name
fred (which we have told pppd
to use even though it is not our local machine name) and for ANY
server, use the password (secret) of
Note that we do not need to specify a local IP address, unless we are required to FORCE a particular local, static IP address.
If you have several machines to which you connect using PAP, either
arrange to have different usernames on each machine or find out the
remote machine name to which you will be connecting. This will allow you
to add lines to your
pap-secrets file - provided you correctly set
name option for each separate machine to which you connect.
The current pppd version requires that you have mutual authentication methods - that is you must allow for both your machine to authenticate the remote server AND the remote server to authenticate your machine.
So, if your machine is
fred and the remote is
machine would set
name fred remotename barney and the remote
machine would set
name barney remotename fred in their respective
/etc/chap-secrets file for fred would look like
# Secrets for authentication using CHAP # client server secret acceptable local IP addresses fred barney flintstone
and for barney
# Secrets for authentication using CHAP # client server secret acceptable local IP addresses barney fred flintstone