.\" manual page [] for pppd 2.0
-.\" $Id: pppd.8,v 1.9 1995/04/24 05:53:35 paulus Exp $
+.\" $Id: pppd.8,v 1.10 1995/05/01 01:43:54 paulus Exp $
.\" SH section heading
.\" SS subsection heading
.\" LP paragraph
Set the assumed name of the remote system for authentication purposes
to <n>.
.TP
+.B papcrypt
+Indicates that all secrets in the /etc/ppp/pap-secrets file which
+are used for checking the identity of the peer are encrypted, and thus
+pppd should not accept a password which (before encryption) is
+identical to the secret from the /etc/ppp/pap-secrets file.
+.TP
.B proxyarp
Add an entry to this system's ARP [Address Resolution Protocol] table
with the IP address of the peer and the Ethernet address of this
.LP
A secrets file is parsed into words as for a options file. A secret
is specified by a line containing at least 3 words, in the order
-client, server, secret. Any following words on the same line are
+client name, server name, secret. Any following words on the same line are
taken to be a list of acceptable IP addresses for that client. If
there are only 3 words on the line, it is assumed that any IP address
is OK; to disallow all IP addresses, use "-". If the secret starts
password supplied by the peer. If the password doesn't match the
secret, the password is encrypted using crypt() and checked against
the secret again; thus secrets for authenticating the peer can be
-stored in encrypted form. If the \fBlogin\fR option was specified, the
+stored in encrypted form. If the \fBpapcrypt\fR option is given, the
+first (unencrypted) comparison is omitted, for better security.
+.LP
+If the \fBlogin\fR option was specified, the
username and password are also checked against the system password
database. Thus, the system administrator can set up the pap-secrets
file to allow PPP access only to certain users, and to restrict the
-set of IP addresses that each user can use.
+set of IP addresses that each user can use. Typically, when using the
+\fBlogin\fR option, the secret in /etc/ppp/pap-secrets would be "", to
+avoid the need to have the same secret in two places.
.LP
Secrets are selected from the CHAP secrets file as follows:
.TP 2