"Linux Gazette...making Linux just a little more fun!"


PAP HOWTO

By Terry Martin


This Document is covered by the GPL and can be used in anyway seen fit from the license.

This document is not intended to replace the ppp-howto it is intended to be a primer as howto setup PAP for calling an ISP that refuses tech support to a Linux user.

PAP=Password Authentication Protocol.

If your not sure if your ISP uses pap just bring minicom up and atdt<isp-number> and wait for the modem to connect.

If you get login: or some variant of that your isp is not using pap and this paper is not for you.

If you get a line or two of trash like:

 
{}{}{}{}{}}}}{{}{}}}{}{}{}{}[][][][][ 
 
You know it's looking for PAP or mschap.

I won't deal with MSChap since I don't have access to an ISP that uses it and I wouldn't want to knowing the reliability of NT. Now assuming your dealing with chap we need to figure out what version of pppd your using. Type /usr/sbin/pppd --version and you will get the version number, I'll cover versions 2.2.0-f and 2.3.5 in this doc as thats what I'm familiar with.

pppd 2.2.0 version.

This section I will cover the setup and impletation of pap with older distributions like RH 4.2 and Slackware 3.6 use this older version of the pppd daemon.

I prefer pico for the new users as editors of choice for console. If you don't have it look into getting the latest Pine release it's part of it.

You have to edit your ppp-on script if you have one if not I'll include one here. You need to look into /usr/doc/pppd*/scripts for the ppp scripts, at least thats where the defaults reside with RedHat.

Here's what my ppp-on looks like:

This is setup for your modem being on com2 in dos or /dev/ttyS1 in Linux. You need to use ttySxx since the /dev/cua1 is now a defunct format with the 2.2.x kernels. If you plan to upgrade to kernel 2.2.x you need upgrade your pppd to at least pppd-2.3.x to keep ppp working.

 
#!/bin/sh
TELEPHONE=<your-isp-phonenumber>

LOCAL_IP=0.0.0.0        # Local IP address if known. Dynamic = 0.0.0.0
REMOTE_IP=0.0.0.0       # Remote IP address if desired. Normally 0.0.0.0
NETMASK=255.255.255.0   # The proper netmask if needed

export TELEPHONE   

DIALER_SCRIPT=/etc/ppp/ppp-on-dialer

exec  /usr/sbin/pppd debug lock modem crtscts /dev/ttyS1 115200 \
        asyncmap 20A0000 escape FF kdebug 0 $LOCAL_IP:$REMOTE_IP \
        noipdefault netmask $NETMASK defaultroute connect $DIALER_SCRIPT \
        +ua /etc/ppp/pap-secret
Thats what your ppp-on file will need to make pap work. As you can see your login name and password are no longer included in this file so that closes a security risk there.

Anyplace you see <name> always omit the < > and just use the information needed.

Next you need to edit /etc/ppp/ppp-on-dialer to disable the looking for a login and password lines.

Example:

 
#!/bin/sh
#
# This is part 2 of the ppp-on script. It will perform the connection
# protocol for the desired connection.
#
# This is the ppp-on-dialer for PAP with pppd-2.2.0
exec /usr/sbin/chat -v                                  \
        TIMEOUT         3                               \
        ABORT           '\nBUSY\r'                      \
        ABORT           '\nNO ANSWER\r'                 \
        ABORT           '\nRINGING\r\n\r\nRINGING\r'    \
        ''              \rAT                            \
        'OK-+++\c-OK'   ATH0                            \
        TIMEOUT         30                              \
        OK              ATDT$TELEPHONE                  \
        CONNECT         ''                              \

Now we'll cover the password file setup and format. This next part is easy all you need is a file named pap-secret with the login name and password on separate lines.

i.e., pap-secret with pppd-2.2.0

greg
stinky1
After you make this file if it's not there. As root type
 
 chmod -r pap-secret
Please don't forget the /etc/resolv.conf file for your DNS numbers.

I know I said this wasn't goin to be a ppp-howto but I'll include /etc/resolv.conf just to save headaches and email as to why it don't it work.

 
domain <your.isp.com>
search <your.isp.com>
nameserver xxx.xxx.xxx.xxx
nameserver xxx.xxx.xxx.xxx
Your /etc/resolv.conf should look something like this with the proper information edited.

Put the ppp-on in /usr/sbin/ and put ppp-on-dialer in /etc/ppp with pap-secret as root

 
cp ppp-on /usr/sbin/
cp ppp-on-dialer /etc/ppp
cp pap-secret /etc/ppp
Now all you should have to do is type ppp-on and you should get connected to the net with Linux. Enjoy.

pppd-2.3.5

Seting up PAP with pppd-2.3.5 is as easy as pppd-2.2.0 just the syntax has changed in the ppp-on script. Please refer to the ppp-on-dialerand the resolv.conf in the above for it so I don't have to repeat myself here.

Heres an example ppp-on script.

 
#!/bin/sh

TELEPHONE=<you-isp-phone-number>

LOCAL_IP=0.0.0.0        # Local IP address if known. Dynamic = 0.0.0.0
REMOTE_IP=0.0.0.0       # Remote IP address if desired. Normally 0.0.0.0
NETMASK=255.255.255.0   # The proper netmask if needed

export TELEPHONE

DIALER_SCRIPT=/etc/ppp/ppp-on-dialer

exec  /usr/sbin/pppd debug lock modem crtscts /dev/cua1 115200 \
        asyncmap 20A0000 escape FF kdebug 0 name catfish $LOCAL_IP:$REMOTE_IP \
        noipdefault netmask $NETMASK defaultroute connect $DIALER_SCRIPT \
 
Thats about all there is to it for ppp-on with pppd-2.3.5 and PAP.

Now for the /etc/pap-secret file the syntax here has changed from the earlier pppd-2.2.0 also.

All you need here now is a single line with your login name the interface and your password.

So your pap-scret file would look like so.

I.E. pap-secret

 
<loginname> ppp0 <password>
Well thats all there is to it for the PAP howto, pretty basic stuff when theres documents for it.

Enjoy and happy surfing. Terry Martin aka catfish on newnet #alt.linux catfish@alltel.net

If for some reason you can't get it to work or you find an error please email me.


Copyright © 1999, Terry Martin
Published in Issue 38 of Linux Gazette, March 1999


[ TABLE OF CONTENTS ] [ FRONT PAGE ]  Back  Next