The K Desktop Environment

6.2. PAP and CHAP with kppp (alternate method)

The following is based on an email by Keith Brown and explains how to make kppp work for a generic PAP or CHAP account. If your ISP just gave you a user id and a password for a PAP account the odds are that you can skip this section and that you will get by just reading the next one entitled 'PAP with kppp'.

PAP seems a lot more complicated at first glance than it really is. The server (the machine you are connecting to) basically tells the client (your machine) to authenticate using PAP. The client (pppd) looks in a specific file for an entry that contains a matching server name and client's name for this connection, and then sends the password it finds there. That's about it! Now, here's how to make that happen. I am assuming a pppd version of 2.2.0 and a standard installation of configuration files under /etc/ppp.

For the purposes of illustration, pretend that I have an Internet account with 'glob.net', under the user name 'booger', and a password of 'foobar'. First, I need to add all this to the file /etc/ppp/pap-secrets . The format of an entry for our purposes, is:

 USERNAME  SERVERNAME   PASSWORD

so I add the line:

 booger  glob  foobar

to the file and save it. Note: I can use any name for the server I wish as long as I use the same name in the pppd arguments, as we'll see shortly. I have shortened it to 'glob'. This name is just used to locate the correct password.

Now, I need to set up my connection in kppp. The basics are the same as any other connection, and I won't go into details here, except to say that you probably want to make sure that the /etc/ppp/options, is empty, and you probably don't want any login script either. Now, in the settings dialog, at the bottom, is the pppd arguments button. This brings up a dialog similar to the one used for editing the login script. Here we enter values that will be sent to pppd as command line arguments, and in the case of multiple-value arguments, we need to enter each value as a separate entry in the listbox, in the correct order.

We can put any other arguments in here we want first. Now we need to add arguments that pppd needs to handle PAP authentication. In this example I am going to add 'user', 'booger', 'remotename', 'glob', in that order. The user argument tells pppd what user name to look for in pap-secrets, and send to the server. The remotename is only used by pppd to match the entry in the pap-secrets file, and is not sent to the server, so once again, it can be anything I want as long as it is consistent with the entry in the pap-secrets file.

That's all there is to it. You should now be able to set up your own connection to a server with PAP authentication. CHAP should not be much different. See the Linux Network Administrators' Guide for chap-secrets file format and pppd arguments used. The rest should be gravy, but...your mileage, ah you know the rest.