by July 6, 2001 0 comments

Password Authentication Protocol (PAP) is a protocol
for authenticating the login process of a PPP connection.

In the conventional process used at VSNL the client and server
exchange plain-text usernames and passwords. Not with PAP; its authentication takes place
at the Link Control Protocol (LCP) stage, which is the first step to establishing a PPP

Satyam, India’s first private ISP, uses PAP authentication;
VSNL is doing so on ISDN connections and on newer TCP/IP connections in some cities.

Does my ISP use PAP?

A good way is to call your ISP and ask. Unfortunately, not all of
the tech help seem to know what PAP is and whether they are using it, in which case the
only solution may be to dial into the TCP/IP dial-in numbers and check for yourself.

You can use a program such as Telix or HyperTerminal, to manually
dial into the ISP. If after the modem handshaking process, your screen fills with lines of
what look like this:

~y}#.!}!}!} }8}!}$}%U}”}&} } } }

….and it keeps on coming, you can be pretty sure your server uses
PAP. If you get a username prompt, it isn’t. You may want to do this twice to see
that this isn’t junk from a bad connection.

Configuring PPPD for PAP support

That sounds a lot harder than it actually is. In fact, configuring
PAP is much easier than configuring a text based login sequence. That’s because all
the authentication is done by PPPD (the PPP daemon process), eliminating the need for
complex chat scripts.

While PPPD takes many configuration options and settings for
specialized environments, setting up a Linux machine as a PPP client using PAP merely
involves editing two files: /etc/ppp/options, and /etc/ppp/pap-secrets.

(You should, of course, have a working TCP/IP and PPP set up on the
Linux PC. To know more about setting up PPP on Linux, read the article “Connecting to
the Internet using Linux” at
or PCQ May ’98, page 51.)

Open up the file /etc/ppp/options in your text editor.

(You’ll need to be logged in as root to do this.)

Let’s say our dial-up login name is “pcq”, and our
password is “coverstory99”. Right at the top of the file, add the line:

name pcq

Next, open the file /etc/ppp/pap-secrets, and add this line:

pcq * coverstory99
(coverstory99 is our password)

A complete pap-secrets file will look something like this :

# Secrets for authentication using
# client server secret acceptable local IP addresses
pcq * coverstory99

After this, you should remember to remove any authentication
sequences from your dial-in chat script. Your chat script now only needs to dial in and
establish a connection (by waiting for the modems CONNECT string), and then return.

PAP authentication is much simpler to use, as well as more reliable
that a conventional text-based login. If you have any trouble setting it up, I’d
suggest you read the PPP-HOWTO for specific differences in the authentication processes
your ISP may be using.

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.