.\" manual page [] for pppd 2.0
-.\" $Id: pppd.8,v 1.9 1995/04/24 05:53:35 paulus Exp $
+.\" $Id: pppd.8,v 1.11 1995/05/01 01:46:40 paulus Exp $
.\" SH section heading
.\" SS subsection heading
.\" LP paragraph
.I <tty_name>
Communicate over the named device. The string "/dev/"
is prepended if necessary. If no device name is given,
+or if the name of the controlling terminal is given,
.I pppd
will use the controlling terminal, and will not fork to put itself in
the background.
Set the assumed name of the remote system for authentication purposes
to <n>.
.TP
+.B papcrypt
+Indicates that all secrets in the /etc/ppp/pap-secrets file which
+are used for checking the identity of the peer are encrypted, and thus
+pppd should not accept a password which (before encryption) is
+identical to the secret from the /etc/ppp/pap-secrets file.
+.TP
.B proxyarp
Add an entry to this system's ARP [Address Resolution Protocol] table
with the IP address of the peer and the Ethernet address of this
.LP
A secrets file is parsed into words as for a options file. A secret
is specified by a line containing at least 3 words, in the order
-client, server, secret. Any following words on the same line are
+client name, server name, secret. Any following words on the same line are
taken to be a list of acceptable IP addresses for that client. If
there are only 3 words on the line, it is assumed that any IP address
is OK; to disallow all IP addresses, use "-". If the secret starts
password supplied by the peer. If the password doesn't match the
secret, the password is encrypted using crypt() and checked against
the secret again; thus secrets for authenticating the peer can be
-stored in encrypted form. If the \fBlogin\fR option was specified, the
+stored in encrypted form. If the \fBpapcrypt\fR option is given, the
+first (unencrypted) comparison is omitted, for better security.
+.LP
+If the \fBlogin\fR option was specified, the
username and password are also checked against the system password
database. Thus, the system administrator can set up the pap-secrets
file to allow PPP access only to certain users, and to restrict the
-set of IP addresses that each user can use.
+set of IP addresses that each user can use. Typically, when using the
+\fBlogin\fR option, the secret in /etc/ppp/pap-secrets would be "", to
+avoid the need to have the same secret in two places.
.LP
Secrets are selected from the CHAP secrets file as follows:
.TP 2