9fans archive / 1997 / 01 / 5 /    prev next

From: Russ Cox rsc@res...
Subject: ppp with chap available
Date: Thu, 9 Jan 1997 18:46:51 +0500

Hello.  I have patched ppp to do 
chap authentication on the client side.
You need {ftp,http}://plan9.bell-labs.com/cm/cs/who/rsc/ppp.rc,
which assumes you are expanding from 
clean CD distribution source.
In particular, it has been hand edited and
assumes that the original md5sum.l is 
in ../md5sum.l from the ppp directory
(usually /n/cd/sys/src/cmd/ppp).  While it
doesn't touch ../md5sum.l, it copies it to
md5.l in the ppp directory and modifies it
for use in the chap authentication.

Note that ppp.rc contains forsyth's original changes
to ppp, as well as the patches I posted last September
and a one-line change to md5.l from 
/plan9/update/cmd/md5sum.rc.  Note also
that if you didn't do it before, you need to
apply stip.rc to the 9/port directory.  It changes
the setip messages to allow a '-' to mean ``
the default value.''  This is used by ppp to
set the mtu.

In a chap-authentication challenge, a domain is
sent.  For AT&T Worldnet, its something like:
nycny25ev!nycny51rs06rd001@els....
Other ppp servers might not use it.

To discover the domain your server uses, just run
pppclient and see what it prints out for a domain
to standard error.

Pppclient reads $home/lib/ppp-chap-secrets
which takes the form:
substring     name     secret
substring     name     secret
*             dfl-name dfl-secret
...

The file is read until one of the substrings
is found in the sent domain.  The special
substring '*' matches anything and should
be used at the end of the file, if at all.

Unlike the last time I posted a ppp patch,
the pppserver still compiles and works after
this one.

Comments appreciated.

Russ