xref: /illumos-gate/usr/src/cmd/cmd-inet/etc/ppp/chap-secrets (revision 2aeafac3612e19716bf8164f89c3c9196342979c)
1#ident	"%Z%%M%	%I%	%E% SMI"
2#
3# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
4# Use is subject to license terms.
5#
6# CDDL HEADER START
7#
8# The contents of this file are subject to the terms of the
9# Common Development and Distribution License, Version 1.0 only
10# (the "License").  You may not use this file except in compliance
11# with the License.
12#
13# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
14# or http://www.opensolaris.org/os/licensing.
15# See the License for the specific language governing permissions
16# and limitations under the License.
17#
18# When distributing Covered Code, include this CDDL HEADER in each
19# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
20# If applicable, add the following below this CDDL HEADER, with the
21# fields enclosed by brackets "[]" replaced with your own identifying
22# information: Portions Copyright [yyyy] [name of copyright owner]
23#
24# CDDL HEADER END
25#
26# Secrets for authentication using CHAP (Challenge Handshake Authentication
27# Protocol) are placed here.  Each line is a separate entry and consists of
28# a list of space or tab separated tokens.
29#
30#	client	server	secret	[IP addresses ["--" options]]
31#
32# When authenticating to a peer (so-called "client mode;" as when dialing
33# out to an ISP), the "client" will be matched using the local name and
34# "server" will use the remote peer's name.  CHAP does specify an
35# authenticator name, but some peers (such as Windows NT) do not provide
36# a peer name, and the "remotename <name>" option should then be used.
37# Typically, the "user <name>" option is also to specify the local name.
38#
39# When authenticating a peer (so-called "server mode;" as when allowing
40# dial-up access to this system), the remote peer's name is the "client"
41# and the local system name is the "server."  In this case, the privileged
42# "name <name>" option is sometimes used to set the local name.  The "user
43# <name>" option cannot be used.  The remote peer's name comes from the
44# CHAP messages the peer sends.
45#
46# After the secret, which must always be clear text for CHAP, a list of
47# valid IP addresses for the peer appears.  This must be present when
48# acting as a server.  Usually, this is specified as "*" and actual IP
49# addresses are given in the options.  If a given dial-in peer has an
50# allocated IP address ("static IP addressing"), then this address may
51# be given here.  If there's exactly one address, then this will be sent
52# to the peer as a hint.
53#
54# The entry may also have extra options after a -- token.  These are
55# interpreted as privileged pppd options, and may be used to enable
56# proxyarp or other optional features.
57