.\" manual page [] for pppd 2.0
-.\" $Id: pppd.8,v 1.8 1994/09/16 02:32:09 paulus Exp $
+.\" $Id: pppd.8,v 1.14 1995/08/16 01:39:53 paulus Exp $
.\" SH section heading
.\" SS subsection heading
.\" LP paragraph
.I <tty_name>
Communicate over the named device. The string "/dev/"
is prepended if necessary. If no device name is given,
+or if the name of the controlling terminal is given,
.I pppd
will use the controlling terminal, and will not fork to put itself in
the background.
information can be directed to a file by setting up /etc/syslog.conf
appropriately (see syslog.conf(5)).
.TP
+.B \-defaultroute
+Disable the \fBdefaultroute\fR option. The system administrator who
+wishes to prevent users from creating default routes with \fIpppd\fR
+can do so by placing this option in the /etc/ppp/options file.
+.TP
.B domain \fI<d>
Append the domain name <d> to the local host name for authentication
purposes. For example, if gethostname() returns the name porsche, but the
fully qualified domain name is porsche.Quotron.COM, you would use the
domain option to set the domain name to Quotron.COM.
.TP
+.B ipparam \fIstring
+Provides an extra parameter to the ip-up and ip-down scripts. If this
+option is given, the \fIstring\fR supplied is given as the 6th
+parameter to those scripts.
+.TP
.B modem
Use the modem control lines. This option is the default. With this
option,
.B pppd
-will wait for the carrier detect signal from the modem to be asserted
+will wait for the CD (Carrier Detect) signal from the modem to be asserted
when opening the serial device
-(unless a connect script is specified), and it will drop the data
-terminal ready signal briefly when the connection is terminated and before
+(unless a connect script is specified), and it will drop the DTR (Data
+Terminal Ready) signal briefly when the connection is terminated and before
executing the connect script.
On Ultrix, this option implies hardware
flow control, as for the \fBcrtscts\fR option.
.B local
Don't use the modem control lines. With this option,
.B pppd
-will ignore the state of the carrier detect signal from the modem and
-will not change the state of the data terminal ready signal.
+will ignore the state of the CD (Carrier Detect) signal from the modem and
+will not change the state of the DTR (Data Terminal Ready) signal.
.TP
.B mtu \fI<n>
Set the MTU [Maximum Transmit Unit] value to \fI<n>\fR. Unless the
Set the assumed name of the remote system for authentication purposes
to <n>.
.TP
+.B papcrypt
+Indicates that all secrets in the /etc/ppp/pap-secrets file which
+are used for checking the identity of the peer are encrypted, and thus
+pppd should not accept a password which (before encryption) is
+identical to the secret from the /etc/ppp/pap-secrets file.
+.TP
.B proxyarp
Add an entry to this system's ARP [Address Resolution Protocol] table
with the IP address of the peer and the Ethernet address of this
system.
.TP
+.B \-proxyarp
+Disable the \fBproxyarp\fR option. The system administrator who
+wishes to prevent users from creating proxy ARP entries with
+\fIpppd\fR can do so by placing this option in the /etc/ppp/options
+file.
+.TP
.B persist
Do not exit after a connection is terminated; instead try to reopen
the connection.
Set the maximum number of PAP authenticate-request transmissions to
<n> (default 10).
.TP
+.B pap-timeout \fI<n>
+Set the maximum time that
+.I pppd
+will wait for the peer to authenticate itself with PAP to
+<n> seconds (0 means no limit).
+.TP
.B chap-restart \fI<n>
Set the CHAP restart interval (retransmission timeout for challenges)
to <n> seconds (default 3).
.LP
A secrets file is parsed into words as for a options file. A secret
is specified by a line containing at least 3 words, in the order
-client, server, secret. Any following words on the same line are
+client name, server name, secret. Any following words on the same line are
taken to be a list of acceptable IP addresses for that client. If
there are only 3 words on the line, it is assumed that any IP address
is OK; to disallow all IP addresses, use "-". If the secret starts
password supplied by the peer. If the password doesn't match the
secret, the password is encrypted using crypt() and checked against
the secret again; thus secrets for authenticating the peer can be
-stored in encrypted form. If the \fBlogin\fR option was specified, the
+stored in encrypted form. If the \fBpapcrypt\fR option is given, the
+first (unencrypted) comparison is omitted, for better security.
+.LP
+If the \fBlogin\fR option was specified, the
username and password are also checked against the system password
database. Thus, the system administrator can set up the pap-secrets
file to allow PPP access only to certain users, and to restrict the
-set of IP addresses that each user can use.
+set of IP addresses that each user can use. Typically, when using the
+\fBlogin\fR option, the secret in /etc/ppp/pap-secrets would be "", to
+avoid the need to have the same secret in two places.
.LP
Secrets are selected from the CHAP secrets file as follows:
.TP 2
projects / ppp.git / blobdiff