xref: /illumos-gate/usr/src/cmd/cmd-inet/etc/ppp/chap-secrets (revision 7c478bd9)

#ident	"%Z%%M%	%I%	%E% SMI"
#
# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Secrets for authentication using CHAP (Challenge Handshake Authentication
# Protocol) are placed here.  Each line is a separate entry and consists of
# a list of space or tab separated tokens.
#
#	client	server	secret	[IP addresses ["--" options]]
#
# When authenticating to a peer (so-called "client mode;" as when dialing
# out to an ISP), the "client" will be matched using the local name and
# "server" will use the remote peer's name.  CHAP does specify an
# authenticator name, but some peers (such as Windows NT) do not provide
# a peer name, and the "remotename <name>" option should then be used.
# Typically, the "user <name>" option is also to specify the local name.
#
# When authenticating a peer (so-called "server mode;" as when allowing
# dial-up access to this system), the remote peer's name is the "client"
# and the local system name is the "server."  In this case, the privileged
# "name <name>" option is sometimes used to set the local name.  The "user
# <name>" option cannot be used.  The remote peer's name comes from the
# CHAP messages the peer sends.
#
# After the secret, which must always be clear text for CHAP, a list of
# valid IP addresses for the peer appears.  This must be present when
# acting as a server.  Usually, this is specified as "*" and actual IP
# addresses are given in the options.  If a given dial-in peer has an
# allocated IP address ("static IP addressing"), then this address may
# be given here.  If there's exactly one address, then this will be sent
# to the peer as a hint.
#
# The entry may also have extra options after a -- token.  These are
# interpreted as privileged pppd options, and may be used to enable
# proxyarp or other optional features.