#ident "%Z%%M% %I% %E% SMI" # # Copyright 2005 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # CDDL HEADER START # # The contents of this file are subject to the terms of the # Common Development and Distribution License, Version 1.0 only # (the "License"). You may not use this file except in compliance # with the License. # # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE # or http://www.opensolaris.org/os/licensing. # See the License for the specific language governing permissions # and limitations under the License. # # When distributing Covered Code, include this CDDL HEADER in each # file and include the License file at usr/src/OPENSOLARIS.LICENSE. # If applicable, add the following below this CDDL HEADER, with the # fields enclosed by brackets "[]" replaced with your own identifying # information: Portions Copyright [yyyy] [name of copyright owner] # # CDDL HEADER END # # Secrets for authentication using CHAP (Challenge Handshake Authentication # Protocol) are placed here. Each line is a separate entry and consists of # a list of space or tab separated tokens. # # client server secret [IP addresses ["--" options]] # # When authenticating to a peer (so-called "client mode;" as when dialing # out to an ISP), the "client" will be matched using the local name and # "server" will use the remote peer's name. CHAP does specify an # authenticator name, but some peers (such as Windows NT) do not provide # a peer name, and the "remotename <name>" option should then be used. # Typically, the "user <name>" option is also to specify the local name. # # When authenticating a peer (so-called "server mode;" as when allowing # dial-up access to this system), the remote peer's name is the "client" # and the local system name is the "server." In this case, the privileged # "name <name>" option is sometimes used to set the local name. The "user # <name>" option cannot be used. The remote peer's name comes from the # CHAP messages the peer sends. # # After the secret, which must always be clear text for CHAP, a list of # valid IP addresses for the peer appears. This must be present when # acting as a server. Usually, this is specified as "*" and actual IP # addresses are given in the options. If a given dial-in peer has an # allocated IP address ("static IP addressing"), then this address may # be given here. If there's exactly one address, then this will be sent # to the peer as a hint. # # The entry may also have extra options after a -- token. These are # interpreted as privileged pppd options, and may be used to enable # proxyarp or other optional features.