X-Git-Url: http://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=pppd%2Fpppd.8;h=2866f075895ba79b6519cf80a6317a4e42fd9766;hp=a684e661f51d54ad9c3d5d39acd0d15ce9235f90;hb=4424e3f9ec75db16898568ca4453066e0e45a51b;hpb=928da485167b9c379f451f4a0d81c8b47b629a43 diff --git a/pppd/pppd.8 b/pppd/pppd.8 index a684e66..2866f07 100644 --- a/pppd/pppd.8 +++ b/pppd/pppd.8 @@ -1,5 +1,5 @@ .\" manual page [] for pppd 2.0 -.\" $Id: pppd.8,v 1.9 1995/04/24 05:53:35 paulus Exp $ +.\" $Id: pppd.8,v 1.11 1995/05/01 01:46:40 paulus Exp $ .\" SH section heading .\" SS subsection heading .\" LP paragraph @@ -36,6 +36,7 @@ NCP for establishing and configuring the Internet Protocol (IP) .I Communicate over the named device. The string "/dev/" is prepended if necessary. If no device name is given, +or if the name of the controlling terminal is given, .I pppd will use the controlling terminal, and will not fork to put itself in the background. @@ -309,6 +310,12 @@ option). Set the assumed name of the remote system for authentication purposes to . .TP +.B papcrypt +Indicates that all secrets in the /etc/ppp/pap-secrets file which +are used for checking the identity of the peer are encrypted, and thus +pppd should not accept a password which (before encryption) is +identical to the secret from the /etc/ppp/pap-secrets file. +.TP .B proxyarp Add an entry to this system's ARP [Address Resolution Protocol] table with the IP address of the peer and the Ethernet address of this @@ -454,7 +461,7 @@ directions if desired. .LP A secrets file is parsed into words as for a options file. A secret is specified by a line containing at least 3 words, in the order -client, server, secret. Any following words on the same line are +client name, server name, secret. Any following words on the same line are taken to be a list of acceptable IP addresses for that client. If there are only 3 words on the line, it is assumed that any IP address is OK; to disallow all IP addresses, use "-". If the secret starts @@ -510,11 +517,16 @@ When authenticating the peer with PAP, a secret of "" matches any password supplied by the peer. If the password doesn't match the secret, the password is encrypted using crypt() and checked against the secret again; thus secrets for authenticating the peer can be -stored in encrypted form. If the \fBlogin\fR option was specified, the +stored in encrypted form. If the \fBpapcrypt\fR option is given, the +first (unencrypted) comparison is omitted, for better security. +.LP +If the \fBlogin\fR option was specified, the username and password are also checked against the system password database. Thus, the system administrator can set up the pap-secrets file to allow PPP access only to certain users, and to restrict the -set of IP addresses that each user can use. +set of IP addresses that each user can use. Typically, when using the +\fBlogin\fR option, the secret in /etc/ppp/pap-secrets would be "", to +avoid the need to have the same secret in two places. .LP Secrets are selected from the CHAP secrets file as follows: .TP 2