- if (scan_authfile(f, user, our_name, secret, &addrs, filename) < 0
- || (!uselogin && secret[0] != 0
- && (cryptpap || strcmp(passwd, secret) != 0)
- && strcmp(crypt(passwd, secret), secret) != 0)) {
- warn("PAP authentication failure for %s", user);
- ret = UPAP_AUTHNAK;
+ if (scan_authfile(f, user, our_name, secret, &addrs, &opts, filename) < 0) {
+ warn("no PAP secret found for %s", user);
+ } else if (secret[0] != 0) {
+ /* password given in pap-secrets - must match */
+ if ((!cryptpap && strcmp(passwd, secret) == 0)
+ || strcmp(crypt(passwd, secret), secret) == 0)
+ ret = UPAP_AUTHACK;
+ else
+ warn("PAP authentication failure for %s", user);
+ } else if (uselogin) {
+ /* empty password in pap-secrets and login option */
+ ret = plogin(user, passwd, msg);
+ if (ret == UPAP_AUTHNAK)
+ warn("PAP login failure for %s", user);
+ } else {
+ /* empty password in pap-secrets and login option not used */
+ ret = UPAP_AUTHACK;