A sample PAP secrets file might look like this:
# /etc/ppp/pap-secrets # # user server secret addrs vlager-pap c3po cresspahl vlager.vbrew.com c3po vlager DonaldGNUth c3po.lucas.comThe first line is used to authenticate ourselves when talking to c3po. The second line describes how a user named c3po has to authenticate itself with us.
The name vlager-pap in column one is the user name we send to c3po. By default, pppd will pick the local hostname as the user name, but you can also specify a different name by giving the user option, followed by that name.
When picking an entry from the pap-secrets file for authentication with the peer, pppd has to know the remote host's name. As it has no way of finding that out, you have to specify it on the command line using the remotename keyword, followed by the peer's hostname. For instance, to use the above entry for authentication with c3po, we have to add the following option to pppd's command line:
# pppd ...domain vbrew.comIn the fourth field (and all fields following), you may specify what IP-addresses are allowed for that particular host, just as in the CHAP secrets file. The peer may then only request addresses from that list. In the sample file, we require c3po to use its real IP-address.
Note that PAP is a rather weak authentication method, and it is suggested you use CHAP instead whenever possible. We will therefore not cover PAP in greater detail here; if you are interested in using PAP, you will find some more PAP features in the pppd(8) manual page.