
ppp.auth(4) [hpux man page]

ppp.Auth(4)						     Kernel Interfaces Manual						       ppp.Auth(4)

NAME
ppp.Auth - PPP authentication file format

DESCRIPTION
The file contains values used by HP PPP's implementation of the link-level authentication protocols CHAP and PAP. This implementation of both CHAP and PAP conforms to RFC 1334. CHAP is a stronger authentication mechanism and should be used whenever possible, in preference over PAP.

Format

Each authentication specification is on its own single line of up to 1023 characters. Comments begin with a and extend to the end of the line; blank lines, or lines beginning with a are ignored. Fields are separated by horizontal white space (blanks or tabs).

If is using CHAP authentication, the first word on the line must match the peer's Name as received in a CHAP Challenge or Response packet and the second word is used for the Secret.

If is using PAP authentication, the first word on the line must match the in a transmitted or received PAP Authenticate-Request packet and the second word is used for the Password.

The default value used for the Name in transmitted CHAP packets or for the Peer-ID in transmitted PAP packets is the hostname(1) of the machine is running on.

In the midst of the Name/Peer-ID and Secret/Password strings, ^x is translated into the appropriate control character before matching, and represents the character corresponding to the octal number xxx. Other special sequences are:

    Matches a space character (ASCII 0x20).
    Matches a horizontal tab character (ASCII 0x09).
    Matches a line feed character (ASCII 0x0a).
    Matches a carriage return character (ASCII 0x0d).

The fields have the following meaning:

name
    The Name field of a sent or received CHAP Challenge or Response message, or the Peer-ID field of a sent or received PAP Authenticate-Request message. For transmitted packets, this is the hostname unless overridden by the option.

secret
    The secret word that the peer also knows.

optional address restrictions
    A set of zero or more patterns restricting the addresses that we will allow to be used with the named peer. Patterns are separated by spaces or tabs and are parsed from left to right. Each pattern may begin with an exclamation mark to indicate that the following pattern should not be allowed. The rest of the pattern consists of digits and periods, and optionally a leading or trailing asterisk, which will match anything. If none of the patterns match, then the address will be allowed if the last pattern began with an exclamation point, and will be disallowed otherwise. This optional address restriction feature is available only for IPv4 addresses.

EXAMPLES
The following provides with a secret for use when a peer claims to be other-host, robin, or "Jack's machine".

SECURITY CONCERNS
The file should be mode 600 or 400, and owned by root.

AUTHOR
was developed by the Progressive Systems.

SEE ALSO
pppd(1), ppp.Devices(4), ppp.Dialers(4), ppp.Filter(4), ppp.Keys(4), ppp.Systems(4), services(4).

RFC 792, RFC 1332, RFC 1334, RFC 1548.

ppp.Auth(4)
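The address-restriction rule described under "optional address restrictions" above, written out as an added example (it is not part of the man page and not HP's code). It assumes that the first matching pattern decides, that an empty pattern list places no restriction, and that an asterisk matches any run of characters in the dotted-quad string; the function names are hypothetical.

```python
import ipaddress
import re

# '!' (optional), then '*' alone, or digits/periods with an optional
# leading or trailing asterisk, as the man page describes.
_PATTERN_RE = re.compile(r"^!?(\*|\*?[0-9.]+\*?)$")


def _matches(body, addr):
    """Compare one pattern (without '!') to a dotted-quad string."""
    lead = body.startswith("*")
    trail = body.endswith("*") and len(body) > 1
    core = body[1 if lead else 0 : len(body) - (1 if trail else 0)]
    if lead and trail:
        return core in addr
    if lead:
        return addr.endswith(core)
    if trail:
        return addr.startswith(core)
    return addr == core


def address_allowed(restrictions, addr):
    """Decide whether addr may be used with a peer's restriction list."""
    addr = str(ipaddress.IPv4Address(addr))  # IPv4 only; raises ValueError
    patterns = restrictions.split()          # separated by spaces or tabs
    for p in patterns:
        if not _PATTERN_RE.match(p):
            raise ValueError(f"malformed pattern: {p!r}")
    if not patterns:
        return True  # assumption: zero patterns means no restriction
    for p in patterns:  # left to right; assumption: first match decides
        negated = p.startswith("!")
        if _matches(p[1:] if negated else p, addr):
            return not negated
    # No pattern matched: allowed only if the last pattern was negated.
    return patterns[-1].startswith("!")
```

Under the string-level matching assumed here, `10.1*` also matches 10.10.0.1, so a prefix pattern that ends at a period (`10.1.*`) is the safer way to name a network.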

ppp.Systems(4)						     Kernel Interfaces Manual						    ppp.Systems(4)

NAME
ppp.Systems - PPP neighboring systems description file format

DESCRIPTION
The file describes how to connect with neighboring systems via PPP.

Format

Entries are one to a line; blank lines are ignored. Comments begin with a # and extend to the end of the line. Upper/lower case distinctions are ignored in hostname specifications, but are significant elsewhere. Fields on a line are separated by horizontal white space (blanks or tabs). If a chat script ends with a backslash the next line is considered a continuation of the chat script. Continuations may only occur in the midst of a chat script.

Each entry must contain six fields, in the following order:

name
    The hostname or IP address of the destination machine, which should be resolvable locally.

when
    A string that indicates the days of the week and the times of day when the system can be called (for example, MoTuTh0800-1740). The day portion may be a list containing any of Su, Mo, Tu, We, Th, Fr or Sa. The day may also be Wk for any weekday (same as MoTuWeThFr) or Any for any day (same as SuMoTuWeThFrSa).

    You can indicate hours in a range (for example, 0800-1230). If you do not specify a time, calls will be allowed at any time. Note that a time range that spans 0000 is permitted. For example, 0800-0600 means that all times are allowed except times between 6 AM and 8 AM.

    Multiple date specifications that are separated by a vertical bar (|) are allowed. For example, Any0100-0600|Sa|Su means that the system can be called any day between 1 AM and 6 AM or any time on Saturday and Sunday.

    The entire (sequence of) days and times may be followed by a semicolon and up to three decimal numbers separated by hyphens:

    one
        If only one number follows the semicolon, it is used as the redial delay, which is the initial time (in seconds) before a failed call will be retried. For example, Any;60 means call any time, but wait at least 60 seconds after a failure has occurred before trying to call again. If a call retry fails, will double the delay before trying again. If no initial retry delay is specified, 10 seconds is assumed.

    two
        If two numbers follow the semicolon, the second number is used as the maximum redial delay, which is the maximum time (in seconds) to delay before retrying a call. The retry time will double with each unsuccessful call until it reaches this value, after which the call will be retried every time the maximum number of seconds passes. If no maximum retry delay is specified, 3600 seconds is assumed.

    three
        If three numbers follow the semicolon, the first is used as the callback delay, the second as the redial delay, and the third as the maximum redial delay. The callback delay is the time (in seconds) to wait before attempting to re-establish a previously active connection that ended because of an abrupt line disconnection (a Hangup or SIGHUP event in the log file). The default is not to delay before calling back.

    During the delay following an unsuccessful call, any level 7 debugging messages written to will have the message appended.

device
    If set to any device in with a matching speed may be used. The device's dialer chat script will be executed first, followed by the chat script.

    If set to the name of a device in the directory etc.), then there may be an optional corresponding entry in will not be consulted, and only the chat script will be executed.

    If set to then it must be followed by a slash, then the hostname or IP address of the system that will serve as the destination of the PPP link, then another slash, then the socket number on which to contact the remote PPP daemon.

speed
    The speed of the connection. If the device field is ACU, the speed field will be string matched against entries in Speeds must either be valid speed numbers or must begin with them (2400, 38400, 19200-PEP, etc.). If the device field is or the speed field is ignored, but must be present as a placeholder.

phone number
    The value to replace the escape sequence in the dialer script. If the device field names an entry in the phone number field is optional. If the device field is or the phone number field is ignored if present, but must be present as a placeholder.

chat script
    A description of the conversation that holds with the remote machine.

Chat Script Particulars

A chat script takes the form of a word to expect the remote end to send, followed by a word to send in response. Unless a string ends with will follow it by sending a carriage return character (ASCII 0x0d). Chat scripts are or where the send following the hyphen is executed if the preceding expect fails to match received text.

Certain special words may be used in chat script strings to control the behavior of as it attempts to dial. Both ABORT and TIMEOUT must be in the phase of the chat script.

    If sees abort-string while executing the remainder of the chat script, abort the dialing attempt and note the failure in the log file.

    While executing the current chat script, wait timeout-time seconds for an expected response before regarding the dialing attempt as having failed. Writes have a fixed 60-second timeout.

The expect-send couplet of 'sets the line parity accordingly:

    Set transmission parity based on the parity observed in characters received in strings. This is the default.
    Transmit characters with the parity bit set to zero (8 bits, no parity).
    Transmit characters with the parity bit set to one.
    Transmit characters with even parity.
    Transmit characters with odd parity.

The backquote character surrounds the name of a program that is to be run before proceeding. If the program is run in the phase of a chat script couplet, its standard output will be sent to the peer when the program exits. Chat script processing continues when the program exits.

In the midst of either an string or a string, gets translated into the appropriate control character, and gets translated into x. Other special sequences are:

    Send or receive a space character (ASCII 0x20).
    Send or receive a horizontal tab character (ASCII 0x09).
    Send or receive a line feed character (ASCII 0x0a).
    Send or receive a carriage return character (ASCII 0x0d).
    Send or receive a backslash character (ASCII 0x5c).
    Send or receive a caret character (ASCII 0x5e).
    Send or receive the single character Ctrl-character (ASCII 0x00 through 0x1f).
    Send or receive a character, specified in octal digits.
    Pause for .25 second before proceeding (send only).
    Delay for two seconds before proceeding (send only).
    Send a break (.25 second of zero bits).
    Disable hangups (sets CLOCAL or LNOHANG).
    Enable hangups (unsets CLOCAL or LNOHANG) (the default).
    Don't append a carriage return character after sending the preceding string (send only).
    Don't print following send strings (e.g., a password) in any debugging or logging output. Subsequent sequences toggle mode.
    Parse the incoming string as an IP address, written as four decimal numbers separated by periods, and use it for the local end of the point-to-point connection (receive only).

EXAMPLES
In the example below, we call host using a Telebit PEP modem with its DTE interface set at 19200 bps. We call host using a V.32/V.42/V.42bis modem that's capable of driving a 38400 DTE, and we are connected to host via a direct cable attached to running asynchronous PPP. We talk to via a T1 CSU/DSU attached to port 0 on a SnapLink. And we connect with pseudo-one via a PPP connection tunneled across a TCP stream to port 77 on realone.somewhere.com.

If we are unsuccessful at connecting with we will try again in two seconds. If that attempt fails, we will wait four seconds before the next attempt; then eight, then sixteen, then thirty two, then forty seconds. We will continue attempting to contact every forty seconds. Our retry intervals and maximum backoff values for and are the default.

The notation "" "" means to expect nothing, then send nothing (followed by a carriage return). The implicit carriage return is often useful for eliciting a response from a remote system.

    #
    # Systems - PPP systems file
    #
    everyone    Any       ACU      19200-PEP  5551212  in:--in: Pwe word: qfoObar
    nobody      Any       ACU      38400      5551213  in:--in: Pthey word: qbaZz1ng
    someone     Any;2-40  cua      38400      0        in:--in: Pthem word: qmeumBle
    anyone      Any       rsd0a/0  1536000
    pseudo-one  Any;2-2   tcp/realone.somewhere.com/57

RECOMMENDATIONS
The default retry time and backoff (i.e., Any;10-3600) are appropriate for use with dialup connections where the PPP connection must be reestablished as quickly as possible after an interruption but where it is not desirable to continuously redial a host that may be down. A much shorter maximum would be appropriate for a dedicated line between two systems, or where call attempts cost nothing.

Moderate call retry times, such as 60 seconds, work well on systems that can establish connections in either direction using dialup modems, to avoid deadlocks waiting for telephone busy signals from each calling the other at the same time. Because of the difference between the behaviors of originating and answering modems, the 60-second clocks will usually start ticking at different times, allowing one side to call the other without interference. Alternatively, different call retry times may be specified at either end of a link to help keep the two systems from calling each other simultaneously.

If you specify host names, be sure that their addresses are available locally, even with the connection down. If you find that you must bring up a connection to resolve a domain name, consider using that host's IP address (decimal numbers separated by periods) in both and instead.

Automatic failover recovery can be arranged between systems that each have multiple modems, or multiple connection methods. If two systems are connected via a dedicated line (sync or async), that entry should be first in followed by another entry describing an on-demand dial-up connection. See the for more details.

SECURITY CONCERNS
The file should be mode 600.

AUTHOR
was developed by the Progressive Systems.

SEE ALSO
pppd(1), ppp.Auth(4), ppp.Devices(4), ppp.Dialers(4), ppp.Filter(4), ppp.Keys(4).

RFC 1055, RFC 1144, RFC 1332, RFC 1548.

ppp.Systems(4)
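The "when" field rules described above (day lists, time ranges that may span 0000, "|" alternatives, and the redial numbers after the semicolon), written out as an added example that is not part of the man page or HP's code. The function names are hypothetical, and it assumes that time-range endpoints are inclusive and that a range is tested against the day on which the given time falls.

```python
import re

DAYS = ["Mo", "Tu", "We", "Th", "Fr", "Sa", "Su"]
_ALT_RE = re.compile(r"^((?:Su|Mo|Tu|We|Th|Fr|Sa|Wk|Any)+)(?:(\d{4})-(\d{4}))?$")

def parse_when(when):
    """Return (alternatives, callback_delay, redial_delay, max_redial_delay)."""
    spec, _, tail = when.partition(";")
    nums = [int(n) for n in tail.split("-")] if tail else []
    if len(nums) > 3:
        raise ValueError("at most three numbers may follow the semicolon")
    callback, redial, maximum = 0, 10, 3600  # defaults given in the man page
    if len(nums) == 1:
        redial = nums[0]
    elif len(nums) == 2:
        redial, maximum = nums
    elif len(nums) == 3:
        callback, redial, maximum = nums
    alternatives = []
    for alt in spec.split("|"):
        m = _ALT_RE.match(alt)
        if not m:
            raise ValueError(f"bad day/time specification: {alt!r}")
        days = set()
        for d in re.findall(r"Any|Wk|[A-Z][a-z]", m.group(1)):
            days |= set(DAYS) if d == "Any" else set(DAYS[:5]) if d == "Wk" else {d}
        alternatives.append((days, m.group(2), m.group(3)))
    return alternatives, callback, redial, maximum

def call_allowed(when, day, hhmm):
    """day is an entry of DAYS; hhmm is a four-digit string such as '0130'."""
    # Assumption: endpoints are inclusive; day is the day hhmm falls on.
    for days, start, end in parse_when(when)[0]:
        if day not in days:
            continue
        if start is None:
            return True  # no time given: any time on a listed day
        wraps = start > end  # a range such as 0800-0600 spans 0000
        if (hhmm >= start or hhmm <= end) if wraps else (start <= hhmm <= end):
            return True
    return False

def redial_schedule(when, failures):
    """Delays (seconds) before each retry after consecutive failed calls."""
    _, _, delay, maximum = parse_when(when)
    schedule = []
    for _ in range(failures):
        schedule.append(min(delay, maximum))
        delay = min(delay * 2, maximum)  # doubles until the maximum is reached
    return schedule
```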