X-Git-Url: http://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=pppd%2Fpppd.8;h=c210d05d12a4df479d0748e57aa005ea5b6ada5c;hp=a684e661f51d54ad9c3d5d39acd0d15ce9235f90;hb=5da8d0e22703b3512673e057fffe670ca9f958df;hpb=928da485167b9c379f451f4a0d81c8b47b629a43 diff --git a/pppd/pppd.8 b/pppd/pppd.8 index a684e66..c210d05 100644 --- a/pppd/pppd.8 +++ b/pppd/pppd.8 @@ -1,5 +1,5 @@ .\" manual page [] for pppd 2.0 -.\" $Id: pppd.8,v 1.9 1995/04/24 05:53:35 paulus Exp $ +.\" $Id: pppd.8,v 1.12 1995/06/12 12:02:22 paulus Exp $ .\" SH section heading .\" SS subsection heading .\" LP paragraph @@ -36,6 +36,7 @@ NCP for establishing and configuring the Internet Protocol (IP) .I Communicate over the named device. The string "/dev/" is prepended if necessary. If no device name is given, +or if the name of the controlling terminal is given, .I pppd will use the controlling terminal, and will not fork to put itself in the background. @@ -309,6 +310,12 @@ option). Set the assumed name of the remote system for authentication purposes to . .TP +.B papcrypt +Indicates that all secrets in the /etc/ppp/pap-secrets file which +are used for checking the identity of the peer are encrypted, and thus +pppd should not accept a password which (before encryption) is +identical to the secret from the /etc/ppp/pap-secrets file. +.TP .B proxyarp Add an entry to this system's ARP [Address Resolution Protocol] table with the IP address of the peer and the Ethernet address of this @@ -388,6 +395,12 @@ Set the PAP restart interval (retransmission timeout) to seconds Set the maximum number of PAP authenticate-request transmissions to (default 10). .TP +.B pap-timeout \fI +Set the maximum time that +.I pppd +will wait for the peer to authenticate itself with PAP to + seconds (0 means no limit). +.TP .B chap-restart \fI Set the CHAP restart interval (retransmission timeout for challenges) to seconds (default 3). 
@@ -454,7 +467,7 @@ directions if desired. .LP A secrets file is parsed into words as for a options file. A secret is specified by a line containing at least 3 words, in the order -client, server, secret. Any following words on the same line are +client name, server name, secret. Any following words on the same line are taken to be a list of acceptable IP addresses for that client. If there are only 3 words on the line, it is assumed that any IP address is OK; to disallow all IP addresses, use "-". If the secret starts @@ -510,11 +523,16 @@ When authenticating the peer with PAP, a secret of "" matches any password supplied by the peer. If the password doesn't match the secret, the password is encrypted using crypt() and checked against the secret again; thus secrets for authenticating the peer can be -stored in encrypted form. If the \fBlogin\fR option was specified, the +stored in encrypted form. If the \fBpapcrypt\fR option is given, the +first (unencrypted) comparison is omitted, for better security. +.LP +If the \fBlogin\fR option was specified, the username and password are also checked against the system password database. Thus, the system administrator can set up the pap-secrets file to allow PPP access only to certain users, and to restrict the -set of IP addresses that each user can use. +set of IP addresses that each user can use. Typically, when using the +\fBlogin\fR option, the secret in /etc/ppp/pap-secrets would be "", to +avoid the need to have the same secret in two places. .LP Secrets are selected from the CHAP secrets file as follows: .TP 2
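Review bot: The new papcrypt entry (hunk @@ -309,6 +310,12 @@) says pppd "should not accept" a password identical to the stored secret, which reads as advice rather than behaviour, and it leaves out the operational consequence. Going by the later hunk, the unencrypted comparison is omitted once the option is given, so any pap-secrets entry still stored in plaintext will stop authenticating the peer. Suggest "will not accept", plus a sentence telling the administrator to convert every peer-checking secret to crypt() form before enabling the option.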
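Review bot: The pap-timeout entry (hunk @@ -388,6 +395,12 @@) gives no default, unlike the neighbouring entries, which state "(default 10)" and "(default 3)". Because "0 means no limit", the reader needs to know whether an unconfigured pppd waits indefinitely for a peer that never authenticates. The entry also does not say what pppd does when the time expires. Suggest adding the default and one sentence on the action taken at expiry.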
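Review bot: In the last hunk (@@ -510,11 +523,16 @@), "for better security" does not tell the administrator what papcrypt protects against. The preceding sentences imply it: without the option the peer's password is first compared directly with the stored secret, so when that secret is a crypt() string, the string itself is accepted as a password. Suggest stating that reason in place of the vague phrase. The added advice to use "" with login also deserves a caution, since the context just above says a secret of "" matches any password: such an entry relies entirely on the login check, and the text does not say how "" is treated when papcrypt is also given.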