Chapter 7. PAP and CHAP

Starting with version 0.9.1, KPPP has supported directly the most commonly used form of PAP authentication.


There are two different ways to use PAP.

Client side authentication

This variant is used by many commercial ISP's. It basically means that you (or rather, your computer) must authenticate yourself to the ISP's PPP server. The PPP server does not need to authenticate itself to your computer. This is no security issue, as you should know which computer you just tried to dial to.

If your ISP gives you a username and password, and tells you to use PAP authentication, this is the variant you should choose.

Two way authentication

As above, but in this case your computer requires the ISP PPP server to authenticate itself. In order to establish a connection, you must chose the authentication method Script based, not PAP, and you will have to manually edit /etc/ppp/pap-secrets. While KPPP doesn't provide built in support for this variant, it is nevertheless easy to establish a connection.

Preparing KPPP for PAP

  1. Make sure that the file /etc/ppp/options (and ˜/.ppprc if it exists) do not contain one of the following arguments:

    • +pap

    • -pap

    • papcrypt

    • +chap

    • +chap

    • +ua

    • remotename

    It is very unlikely that any of these options are already there, but just to be sure, please check.

  2. Start KPPP

  3. Click Configure

  4. Choose the account you want to use PAP with and click Edit

  5. Choose the Dial tab

  6. Select PAP in the Authentication drop down box.

  7. If you do not want to retype the password each time you dial in, select Store password. This will save the password to a file, so make sure that nobody else has access to your account.

  8. That's it. Close the dialogs, type in the username and password your ISP supplied, and click Connect.