PPP
implements both the Password Authentication Protocol (PAP) and the
Challenge Handshake Authentication Protocol (CHAP). If pppd
is invoked with any of the authentication options, it demands that
the peer (either calling or called) authenticate itself. The ppp.Auth(4)
file contains pairs of either names and secrets for CHAP negotiation,
or usernames and passwords for PAP negotiation. If a peer provides
a name or username, its secret or password must match that found
in the Auth file or the authentication
phase fails and the connection is terminated. Each name/secret pair
in the Auth file may be followed
by address patterns restricting the peer's negotiated IP
address. If an address restriction is specified for a particular
name and the peer's negotiated IP address does not match
the restriction address patterns, pppd
terminates the connection.
The rechap interval option instructs pppd
to periodically (every interval seconds) challenge the peer to authenticate
itself. If the peer fails the new challenge, the link is terminated.
Printable version
