.\" manual page [] for pppd 2.0
-.\" $Id: pppd.8,v 1.8 1994/09/16 02:32:09 paulus Exp $
+.\" $Id: pppd.8,v 1.10 1995/05/01 01:43:54 paulus Exp $
.\" SH section heading
.\" SS subsection heading
.\" LP paragraph
Use the modem control lines. This option is the default. With this
option,
.B pppd
-will wait for the carrier detect signal from the modem to be asserted
+will wait for the CD (Carrier Detect) signal from the modem to be asserted
when opening the serial device
-(unless a connect script is specified), and it will drop the data
-terminal ready signal briefly when the connection is terminated and before
+(unless a connect script is specified), and it will drop the DTR (Data
+Terminal Ready) signal briefly when the connection is terminated and before
executing the connect script.
On Ultrix, this option implies hardware
flow control, as for the \fBcrtscts\fR option.
.B local
Don't use the modem control lines. With this option,
.B pppd
-will ignore the state of the carrier detect signal from the modem and
-will not change the state of the data terminal ready signal.
+will ignore the state of the CD (Carrier Detect) signal from the modem and
+will not change the state of the DTR (Data Terminal Ready) signal.
.TP
.B mtu \fI<n>
Set the MTU [Maximum Transmit Unit] value to \fI<n>\fR. Unless the
Set the assumed name of the remote system for authentication purposes
to <n>.
.TP
+.B papcrypt
+Indicates that all secrets in the /etc/ppp/pap-secrets file which
+are used for checking the identity of the peer are encrypted, and thus
+pppd should not accept a password which (before encryption) is
+identical to the secret from the /etc/ppp/pap-secrets file.
+.TP
.B proxyarp
Add an entry to this system's ARP [Address Resolution Protocol] table
with the IP address of the peer and the Ethernet address of this
.LP
A secrets file is parsed into words as for a options file. A secret
is specified by a line containing at least 3 words, in the order
-client, server, secret. Any following words on the same line are
+client name, server name, secret. Any following words on the same line are
taken to be a list of acceptable IP addresses for that client. If
there are only 3 words on the line, it is assumed that any IP address
is OK; to disallow all IP addresses, use "-". If the secret starts
password supplied by the peer. If the password doesn't match the
secret, the password is encrypted using crypt() and checked against
the secret again; thus secrets for authenticating the peer can be
-stored in encrypted form. If the \fBlogin\fR option was specified, the
+stored in encrypted form. If the \fBpapcrypt\fR option is given, the
+first (unencrypted) comparison is omitted, for better security.
+.LP
+If the \fBlogin\fR option was specified, the
username and password are also checked against the system password
database. Thus, the system administrator can set up the pap-secrets
file to allow PPP access only to certain users, and to restrict the
-set of IP addresses that each user can use.
+set of IP addresses that each user can use. Typically, when using the
+\fBlogin\fR option, the secret in /etc/ppp/pap-secrets would be "", to
+avoid the need to have the same secret in two places.
.LP
Secrets are selected from the CHAP secrets file as follows:
.TP 2