PPP.AUTH(MST_PPP)

NAME

ppp.Auth - PPP authentication file format

DESCRIPTION

The file /usr/lib/mstppp/Auth on SCO systems contains values used by MST PPP's implementation of the link-level authentication protocols, CHAP (Challenge Handshake Authentication Protocol) and PAP (Password Authentication Protocol). This implementation of both CHAP and PAP conforms to RFC 1334, PPP Authentication Protocols.

CHAP is the stronger authentication mechanism. Use CHAP instead of PAP whenever possible. Earlier versions of MST PPP provided interoperability with draft versions of CHAP through pppd's oldchap or olderchap command-line options. However, these options are long out of date and have been eliminated from this version of the software.

SECURITY CONCERNS

The file /usr/lib/mstppp/Auth should be mode 600 or 400, and owned by root.

FORMAT

Within the Name/Peer-ID and Secret/Password strings, ^x is translated into the appropriate control character before matching, and \xxx represents the character corresponding to the octal number xxx. Other special sequences are:

\s
Matches a space character (ASCII 0x20)
\t
Matches a horizontal tab character (ASCII 0x09)
\n
Matches a line feed character (ASCII 0x0a)
\r
Matches a carriage return character (ASCII 0x0d)

The fields have the following meaning:

name
The Name field of a sent or received CHAP Challenge or Response message, or the Peer-ID field of a sent or received PAP Authenticate-Request message. For transmitted packets, this is the hostname unless overridden by the pppd name option.
secret
The secret word that the peer also knows.
optional address restrictions
A set of zero or more patterns restricting the addresses that are allowed to be used with the named peer. Patterns are separated by spaces or tabs and are parsed from left to right.

Each pattern may begin with an exclamation mark to indicate that the following pattern should not be allowed.

The rest of the pattern consists of digits and periods, and optionally a leading or trailing asterisk, which will match anything. If none of the patterns match, then the address will be allowed if the last pattern began with an exclamation point, and will be disallowed otherwise.

If the optional address restriction field consists of only a single address, it replaces the destination address configured on the command line.

EXAMPLE

The following Auth file provides pppd with a secret for use when a peer claims to be other-host, robin, or 'Jack's machine'.

#
# Auth - PPP authentication name/secret file
# Format:
#name secret optional address restrictions
other-host secret-key !137.175.9.2 37.175.9.*/0xffffff00
robin dK3ig8G8hs 137.175.11.4
Jack's\smachine I\sam\sa\sjelly\sdonut.
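
The escape decoding and address-restriction rules from the FORMAT section, as an added Python example (not part of the original manual page or of MST PPP). It assumes that the first matching pattern decides, that an empty restriction field allows any address, and that lines beginning with # are comments; the single-address replacement rule and the /0x... suffix seen in the sample file are not modeled, and the "branch" entry is constructed.

```python
import re

# Escapes from the FORMAT section: ^x, \xxx (octal), \s \t \n \r.
_SIMPLE = {"s": " ", "t": "\t", "n": "\n", "r": "\r"}
_ESCAPE = re.compile(r"\^(.)|\\([0-7]{3})|\\([stnr])")

# Constructed sample: two entries from the EXAMPLE section plus a made-up "branch" peer.
SAMPLE = r"""
# name secret optional address restrictions
robin dK3ig8G8hs 137.175.11.4
Jack's\smachine I\sam\sa\sjelly\sdonut.
branch ^Gs3cr3t\041 !10.1.9.2 10.1.9.*
"""

def decode_field(raw):
    """Expand the documented escapes in a name or secret field."""
    def expand(m):
        if m.group(1) is not None:              # ^x -> control character
            return chr(ord(m.group(1).upper()) ^ 0x40)
        if m.group(2) is not None:              # \xxx -> character with octal code xxx
            return chr(int(m.group(2), 8))
        return _SIMPLE[m.group(3)]              # \s \t \n \r
    return _ESCAPE.sub(expand, raw)

def load_auth(text):
    """Map decoded name -> (decoded secret, list of raw address patterns)."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue                            # blank, comment or incomplete line
        entries[decode_field(fields[0])] = (decode_field(fields[1]), fields[2:])
    return entries

def pattern_matches(pattern, address):
    if pattern.startswith("*"):                 # leading asterisk: suffix match
        return address.endswith(pattern[1:])
    if pattern.endswith("*"):                   # trailing asterisk: prefix match
        return address.startswith(pattern[:-1])
    return address == pattern

def address_allowed(patterns, address):
    if not patterns:
        return True     # assumption: an empty restriction field allows any address
    negated = False
    for p in patterns:  # left to right; assumption: the first matching pattern decides
        negated = p.startswith("!")
        if pattern_matches(p[1:] if negated else p, address):
            return not negated
    return negated      # no match: allowed only if the last pattern began with "!"
```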

SEE ALSO

tun(MST_PPP), ppp.Devices(MST_PPP), ppp.Dialers(MST_PPP), ppp.Filter(MST_PPP), ppp.Keys(MST_PPP), ppp.Systems(MST_PPP), pppd(MST_PPP), RFC 792, RFC 1661, RFC 1332, RFC 1334.

Brian Lloyd and William A. Simpson, "The PPP Authentication Protocols," Internet Draft, May 1992.

COPYRIGHT INFORMATION

Copyright 1991, 1992, 1993, 1994, 1995, 1996 Morning Star Technologies Inc.; all rights reserved.