PAP and CHAPStarting with version 0.9.1, &kppp; has supported directly the most
commonly used form of PAP authentication. PAP with &kppp;There are two different ways to use PAP.Client side authenticationThis variant is used by many commercial ISP's. It
basically means that you (or rather, your computer) must authenticate yourself
to the ISP's PPP server. The
PPP server does not need to authenticate itself to your
computer. This is no security issue, as you should know which computer you just
tried to dial to.If your ISP gives you a username and password, and
tells you to use PAP authentication, this is the variant you
should choose.Two way authenticationAs above, but in this case your computer requires the
ISP PPP server to authenticate itself. In
order to establish a connection, you must chose the authentication method
Script based, not PAP, and you will
have to manually edit /etc/ppp/pap-secrets. While &kppp;
doesn't provide built in support for this variant, it is nevertheless easy to
establish a connection.Preparing &kppp; for PAPMake sure that the file /etc/ppp/options (and
˜/.ppprc if it exists) do not
contain one of the following arguments:It is very unlikely that any of these options are already there, but just
to be sure, please check.Start &kppp;Click SetupChoose the account you want to use PAP with and click
EditChoose the Dial tabSelect PAP in the Authentication
drop down box.If you do not want to retype the password each time you dial in, select
Store password. This will save the password to a file, so
make sure that nobody else has access to your account.That's it. Close the dialogs, type in the username and password your
ISP supplied, and click
Connect.An alternative method of using PAP and
CHAP with &kppp;This section is based on an email from Keith Brown
kbrown@pdq.net and explains how to make &kppp; work with a
generic PAP or CHAP account. If your
ISP just gave you a user id and a password for an account,
you probably can skip this section, and the instructions in the previous one
will be all you need.PAP seems a lot more complicated at first glance than
it really is. The server (the machine you are connecting to) basically tells
the client (your machine) to authenticate using PAP. The
client (pppd) looks in a specific file for an entry
that contains a matching server name, and a client name for this connection, and
then sends the password it finds there. That's about it!Now here's how to make that happen. I am assuming a
pppd version of 2.2.x or better and a standard installation
of configuration files under /etc/ppp.For the purposes of illustration, imagine that you have an internet
account with glob.net with the username
userbaz and the password
foobarFirst, you need to add all this to a file called
/etc/ppp/pap-secrets. The format of an entry for our
purposes is:USERNAME SERVERNAME PASSWORDSo you would add the following line to
/etc/ppp/pap-secrets and then save it :userbaz glob foobarYou can use any name for the server you wish, so long as you use the
same name in the pppd arguments, as you'll see
shortly. Here it's been shortened to glob, but this name
is only used to locate the correct password.Next you need to set up the connection in &kppp;. The basics are the same
as any other connection, so we won't go into details here, except to say that
you probably want to make sure that /etc/ppp/options is
empty, and you don't want to create a login script either.In the &kppp; settings dialog, at the bottom of the
Dial tab, is a pppd arguments
button. This brings up an editing dialog. Here you can enter values that will
be sent to pppd as command line arguments, and in the
case of multiple value arguments, you need to enter each value as a separate
entry in the listbox, in the correct order.You can put in any other arguments you want first. Then add the arguments
that pppd uses to handle PAP
authentication. In this example, we are going to add
user, userbaz,
remotename and glob in that
order.The tells the pppd what
user name to look for in the pap-secrets file and then to
send to the server. The remotename is used by pppd
to match the entry in the pap-secrets file, so again, it
can be anything you want so long as it is consistent with the entry in the
pap-secrets file.That's all there is to it, and you should now be able to set up your own
connection to a server with PAP authentication.
CHAP is not much different. You can see the &Linux; Network
Administrators Guide for a chap-secrets file format, and
the pppd arguments used, and the rest should be
simple.