1*0Sstevel@tonic-gate#ident "%Z%%M% %I% %E% SMI" 2*0Sstevel@tonic-gate# 3*0Sstevel@tonic-gate# Copyright 2005 Sun Microsystems, Inc. All rights reserved. 4*0Sstevel@tonic-gate# Use is subject to license terms. 5*0Sstevel@tonic-gate# 6*0Sstevel@tonic-gate# CDDL HEADER START 7*0Sstevel@tonic-gate# 8*0Sstevel@tonic-gate# The contents of this file are subject to the terms of the 9*0Sstevel@tonic-gate# Common Development and Distribution License, Version 1.0 only 10*0Sstevel@tonic-gate# (the "License"). You may not use this file except in compliance 11*0Sstevel@tonic-gate# with the License. 12*0Sstevel@tonic-gate# 13*0Sstevel@tonic-gate# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 14*0Sstevel@tonic-gate# or http://www.opensolaris.org/os/licensing. 15*0Sstevel@tonic-gate# See the License for the specific language governing permissions 16*0Sstevel@tonic-gate# and limitations under the License. 17*0Sstevel@tonic-gate# 18*0Sstevel@tonic-gate# When distributing Covered Code, include this CDDL HEADER in each 19*0Sstevel@tonic-gate# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 20*0Sstevel@tonic-gate# If applicable, add the following below this CDDL HEADER, with the 21*0Sstevel@tonic-gate# fields enclosed by brackets "[]" replaced with your own identifying 22*0Sstevel@tonic-gate# information: Portions Copyright [yyyy] [name of copyright owner] 23*0Sstevel@tonic-gate# 24*0Sstevel@tonic-gate# CDDL HEADER END 25*0Sstevel@tonic-gate# 26*0Sstevel@tonic-gate# Secrets for authentication using CHAP (Challenge Handshake Authentication 27*0Sstevel@tonic-gate# Protocol) are placed here. Each line is a separate entry and consists of 28*0Sstevel@tonic-gate# a list of space or tab separated tokens. 29*0Sstevel@tonic-gate# 30*0Sstevel@tonic-gate# client server secret [IP addresses ["--" options]] 31*0Sstevel@tonic-gate# 32*0Sstevel@tonic-gate# When authenticating to a peer (so-called "client mode;" as when dialing 33*0Sstevel@tonic-gate# out to an ISP), the "client" will be matched using the local name and 34*0Sstevel@tonic-gate# "server" will use the remote peer's name. CHAP does specify an 35*0Sstevel@tonic-gate# authenticator name, but some peers (such as Windows NT) do not provide 36*0Sstevel@tonic-gate# a peer name, and the "remotename <name>" option should then be used. 37*0Sstevel@tonic-gate# Typically, the "user <name>" option is also to specify the local name. 38*0Sstevel@tonic-gate# 39*0Sstevel@tonic-gate# When authenticating a peer (so-called "server mode;" as when allowing 40*0Sstevel@tonic-gate# dial-up access to this system), the remote peer's name is the "client" 41*0Sstevel@tonic-gate# and the local system name is the "server." In this case, the privileged 42*0Sstevel@tonic-gate# "name <name>" option is sometimes used to set the local name. The "user 43*0Sstevel@tonic-gate# <name>" option cannot be used. The remote peer's name comes from the 44*0Sstevel@tonic-gate# CHAP messages the peer sends. 45*0Sstevel@tonic-gate# 46*0Sstevel@tonic-gate# After the secret, which must always be clear text for CHAP, a list of 47*0Sstevel@tonic-gate# valid IP addresses for the peer appears. This must be present when 48*0Sstevel@tonic-gate# acting as a server. Usually, this is specified as "*" and actual IP 49*0Sstevel@tonic-gate# addresses are given in the options. If a given dial-in peer has an 50*0Sstevel@tonic-gate# allocated IP address ("static IP addressing"), then this address may 51*0Sstevel@tonic-gate# be given here. If there's exactly one address, then this will be sent 52*0Sstevel@tonic-gate# to the peer as a hint. 53*0Sstevel@tonic-gate# 54*0Sstevel@tonic-gate# The entry may also have extra options after a -- token. These are 55*0Sstevel@tonic-gate# interpreted as privileged pppd options, and may be used to enable 56*0Sstevel@tonic-gate# proxyarp or other optional features. 57