An alternative method of using PAP and CHAP with KPPP

This section is based on an email from Keith Brown and explains how to make KPPP work with a generic PAP or CHAP account. If your ISP just gave you a user id and a password for an account, you probably can skip this section, and the instructions in the previous one will be all you need.

PAP seems a lot more complicated at first glance than it really is. The server (the machine you are connecting to) basically tells the client (your machine) to authenticate using PAP. The client (pppd) looks in a specific file for an entry that contains a matching server name, and a client name for this connection, and then sends the password it finds there. That's about it!

Now here's how to make that happen. I am assuming a pppd version of 2.2.x or better and a standard installation of configuration files under /etc/ppp.

For the purposes of illustration, imagine that you have an internet account with with the username userbaz and the password foobar

First, you need to add all this to a file called /etc/ppp/pap-secrets. The format of an entry for our purposes is:


So you would add the following line to /etc/ppp/pap-secrets and then save it :

userbaz     glob           foobar


You can use any name for the server you wish, so long as you use the same name in the pppd arguments, as you'll see shortly. Here it's been shortened to glob, but this name is only used to locate the correct password.

Next you need to set up the connection in KPPP. The basics are the same as any other connection, so we won't go into details here, except to say that you probably want to make sure that /etc/ppp/options is empty, and you don't want to create a login script either.

In the KPPP settings dialog, at the bottom of the Dial tab, is a Customize pppd Arguments button. This brings up an editing dialog. Here you can enter values that will be sent to pppd as command line arguments, and in the case of multiple value arguments, you need to enter each value as a separate entry in the listbox, in the correct order.

You can put in any other arguments you want first. Then add the arguments that pppd uses to handle PAP authentication. In this example, we are going to add user, userbaz, remotename and glob in that order.

The user tells the pppd what user name to look for in the pap-secrets file and then to send to the server. The remotename is used by pppd to match the entry in the pap-secrets file, so again, it can be anything you want so long as it is consistent with the entry in the pap-secrets file.

That's all there is to it, and you should now be able to set up your own connection to a server with PAP authentication. CHAP is not much different. You can see the Linux® Network Administrators Guide for a chap-secrets file format, and the pppd arguments used, and the rest should be simple.