From bcb704366cb5e333a626c18c308c7e0448a8e69f Mon Sep 17 00:00:00 2001 From: toma Date: Wed, 25 Nov 2009 17:56:58 +0000 Subject: Copy the KDE 3.5 branch to branches/trinity for new KDE 3.5 features. BUG:215923 git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/kdenetwork@1054174 283d02a7-25f6-0310-bc7c-ecb5cbfe19da --- doc/kppp/chap.docbook | 191 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 191 insertions(+) create mode 100644 doc/kppp/chap.docbook (limited to 'doc/kppp/chap.docbook') diff --git a/doc/kppp/chap.docbook b/doc/kppp/chap.docbook new file mode 100644 index 00000000..ebbdd3b9 --- /dev/null +++ b/doc/kppp/chap.docbook @@ -0,0 +1,191 @@ + +<acronym>PAP</acronym> and <acronym>CHAP</acronym> + +Starting with version 0.9.1, &kppp; has supported directly the most +commonly used form of PAP authentication. + + +<acronym>PAP</acronym> with &kppp; + +There are two different ways to use PAP. + + +Client side authentication + +This variant is used by many commercial ISP's. It +basically means that you (or rather, your computer) must authenticate yourself +to the ISP's PPP server. The +PPP server does not need to authenticate itself to your +computer. This is no security issue, as you should know which computer you just +tried to dial to. + +If your ISP gives you a username and password, and +tells you to use PAP authentication, this is the variant you +should choose. + + + + +Two way authentication + +As above, but in this case your computer requires the +ISP PPP server to authenticate itself. In +order to establish a connection, you must chose the authentication method +Script based, not PAP, and you will +have to manually edit /etc/ppp/pap-secrets. While &kppp; +doesn't provide built in support for this variant, it is nevertheless easy to +establish a connection. + + + + +Preparing &kppp; for <acronym>PAP</acronym> + + + +Make sure that the file /etc/ppp/options (and +˜/.ppprc if it exists) do not +contain one of the following arguments: + + + + + + + + + + + + + + + + + + + + + + + + + +It is very unlikely that any of these options are already there, but just +to be sure, please check. + + +Start &kppp; + + +Click Setup + + +Choose the account you want to use PAP with and click +Edit + + +Choose the Dial tab + + +Select PAP in the Authentication +drop down box. + + +If you do not want to retype the password each time you dial in, select +Store password. This will save the password to a file, so +make sure that nobody else has access to your account. + + +That's it. Close the dialogs, type in the username and password your +ISP supplied, and click +Connect. + + + + + + + + + +An alternative method of using <acronym>PAP</acronym> and +<acronym>CHAP</acronym> with &kppp; + +This section is based on an email from Keith Brown +kbrown@pdq.net and explains how to make &kppp; work with a +generic PAP or CHAP account. If your +ISP just gave you a user id and a password for an account, +you probably can skip this section, and the instructions in the previous one +will be all you need. + +PAP seems a lot more complicated at first glance than +it really is. The server (the machine you are connecting to) basically tells +the client (your machine) to authenticate using PAP. The +client (pppd) looks in a specific file for an entry +that contains a matching server name, and a client name for this connection, and +then sends the password it finds there. That's about it! + +Now here's how to make that happen. I am assuming a +pppd version of 2.2.x or better and a standard installation +of configuration files under /etc/ppp. + +For the purposes of illustration, imagine that you have an internet +account with glob.net with the username +userbaz and the password +foobar + +First, you need to add all this to a file called +/etc/ppp/pap-secrets. The format of an entry for our +purposes is: + +USERNAME SERVERNAME PASSWORD + +So you would add the following line to +/etc/ppp/pap-secrets and then save it : + +userbaz glob foobar + + +You can use any name for the server you wish, so long as you use the +same name in the pppd arguments, as you'll see +shortly. Here it's been shortened to glob, but this name +is only used to locate the correct password. + + +Next you need to set up the connection in &kppp;. The basics are the same +as any other connection, so we won't go into details here, except to say that +you probably want to make sure that /etc/ppp/options is +empty, and you don't want to create a login script either. + +In the &kppp; settings dialog, at the bottom of the +Dial tab, is a pppd arguments +button. This brings up an editing dialog. Here you can enter values that will +be sent to pppd as command line arguments, and in the +case of multiple value arguments, you need to enter each value as a separate +entry in the listbox, in the correct order. + +You can put in any other arguments you want first. Then add the arguments +that pppd uses to handle PAP +authentication. In this example, we are going to add +user, userbaz, +remotename and glob in that +order. + +The tells the pppd what +user name to look for in the pap-secrets file and then to +send to the server. The remotename is used by pppd +to match the entry in the pap-secrets file, so again, it +can be anything you want so long as it is consistent with the entry in the +pap-secrets file. + +That's all there is to it, and you should now be able to set up your own +connection to a server with PAP authentication. +CHAP is not much different. You can see the &Linux; Network +Administrators Guide for a chap-secrets file format, and +the pppd arguments used, and the rest should be +simple. + + + -- cgit v1.2.1