+int (*chap_check_hook)(void);
+int (*chap_passwd_hook)(char *user, char *passwd);
+int (*chap_auth_hook)(char *user, u_char *remmd,
+ int remmd_len, chap_state *cstate);
+
+These hooks are designed to allow a plugin to replace the normal CHAP
+password processing in pppd with something different (e.g. contacting
+an external server).
+
+The chap_check_hook is called to check whether there is any possibility
+that the peer could authenticate itself to us. If it returns 1, pppd
+will ask the peer to authenticate itself. If it returns 0, pppd will
+not ask the peer to authenticate itself (but if authentication is
+required, pppd may exit, or terminate the link before network protocol
+negotiation). If it returns -1, pppd will look in the chap-secrets
+file as it would normally.
+
+The chap_passwd_hook is called to determine what password
+pppd should use in authenticating itself to the peer with CHAP. The
+user string will already be initialized, by the `user' option, the
+`name' option, or from the hostname, but can be changed if necessary.
+This hook is called only if pppd is a client, not if it is a server.
+
+MAXSECRETLEN bytes of space are available at *passwd. If this hook
+returns 0, pppd will use the value *passwd; if it returns -1, pppd
+will fail to authenticate.
+
+The chap_auth_hook is called to determine whether the response
+to a CHAP challenge provided by the peer is valid. user points to
+a null-terminated string containing the username supplied
+by the peer. remmd points to the response provided by the peer, of
+length remmd_len bytes. cstate is the internal CHAP state structure
+maintained by pppd. chap_auth_hook is expected to return one of
+CHAP_SUCCESS or CHAP_FAILURE.
+
+