Configuring the Point-to-Point Protocol (PPP)

Incoming authentication options

The following details define how the global bundle will use CHAP and PAP authentication for all incoming connections.

NOTE: These values are applied to all incoming connections because PPP must authenticate a caller before it can associate them with a bundle. If you change the Incoming Authentication settings within one bundle, you effectively change these settings for all bundles which define incoming connections.

Authenticate remote using CHAP

Whether the local host authenticates the remote host using CHAP.

Authenticate remote using PAP

Whether the local host authenticates the remote host using PAP.

Override name for transmitted CHAP/PAP packets

Specify a name to be used instead of the local host name in outgoing CHAP or PAP packets.

It may be necessary to use this attribute in the following cases:

Case Description

Local host uses CHAP to authenticate the remote host. The specified name overrides the local host name in the outgoing challenge and in the outgoing acknowledgment of success or failure.
For example, this allows you to configure local servers to use the same name when authenticating incoming connections.

Remote host uses CHAP to authenticate the local host. The specified name overrides the local host name in the outgoing response to a received challenge. This allows you to supply a name other than the local host name for the remote host to look up in its authentication database (unless it chooses to override it with a different name).

Remote host uses PAP to authenticate the local host. The specified name overrides the local host name in the outgoing authentication request. This allows you to supply a name other than the local host name which the remote host will use to look up a password in its authentication database (unless it chooses to override the supplied name with a different name).
The authentication database entry for the defined name must contain a PAP remote secret (password).

Override name for received CHAP/PAP packets

Case	Description
Local host uses CHAP to authenticate the remote host.	The specified name overrides the local host name in the outgoing challenge and in the outgoing acknowledgment of success or failure. For example, this allows you to configure local servers to use the same name when authenticating incoming connections.
Remote host uses CHAP to authenticate the local host.	The specified name overrides the local host name in the outgoing response to a received challenge. This allows you to supply a name other than the local host name for the remote host to look up in its authentication database (unless it chooses to override it with a different name).
Remote host uses PAP to authenticate the local host.	The specified name overrides the local host name in the outgoing authentication request. This allows you to supply a name other than the local host name which the remote host will use to look up a password in its authentication database (unless it chooses to override the supplied name with a different name). The authentication database entry for the defined name must contain a PAP remote secret (password).

Specify a name that will be used to look up a CHAP secret or a PAP password in the authentication database. This can be used to override the name that the peer sent in an incoming CHAP or PAP packet. It can also be used to look up a PAP password to supply to a remote authenticator instead of looking up a password for the local host name (this is overridden by the name specified for transmitted packets in the bundle).

It may be necessary to use this attribute in the following cases:

Case Description

Local host uses CHAP to authenticate the remote host. PPP looks up a secret corresponding to the name so that it can check the validity of a response value that it has received. Normally, PPP would look for a secret corresponding to the name supplied by the remote host in the incoming response. For example, this allows you to configure a single name-secret pair for authenticating several remote systems or users.
The authentication database entry for the defined name must contain a CHAP local secret. PPP uses the secret and the value that it sent in its challenge to calculate a value that it can compare with the response value that it has received from the peer. If the calculated value and the response value are the same, the remote host is authentic.

Remote host uses CHAP to authenticate the local host. PPP looks up a secret corresponding to the name so that it can calculate a response value and send it to the remote host. Normally, PPP would look for a secret corresponding to the name supplied by the remote host in the incoming challenge.
The authentication database entry for the defined name must contain a CHAP remote secret. PPP uses the secret and the value that it received in the challenge packet to calculate the value in the response packet that it sends to the remote authenticator.

Local host uses PAP to authenticate the remote host. PPP uses the specified name to look up a password to check against the one it has received in an authentication request. Normally, PPP would look up a password for the name supplied by the remote host in the incoming authentication request. For example, this allows you to configure a single name-password pair for authenticating several remote systems or users.
The authentication database entry for the defined name must contain a PAP local secret (password).

Remote host uses PAP to authenticate the local host. PPP looks up a secret (password) corresponding to the specified name and sends this in an authentication request to the remote host. Normally, the name that is transmitted in the request (the local host name which may also be overridden) would be used to look up the secret.
The authentication database entry for the defined name must contain a PAP remote secret (password).

Time allowed for authentication phase

The time in seconds allowed for authentication to be performed.

Case	Description
Local host uses CHAP to authenticate the remote host.	PPP looks up a secret corresponding to the name so that it can check the validity of a response value that it has received. Normally, PPP would look for a secret corresponding to the name supplied by the remote host in the incoming response. For example, this allows you to configure a single name-secret pair for authenticating several remote systems or users. The authentication database entry for the defined name must contain a CHAP local secret. PPP uses the secret and the value that it sent in its challenge to calculate a value that it can compare with the response value that it has received from the peer. If the calculated value and the response value are the same, the remote host is authentic.
Remote host uses CHAP to authenticate the local host.	PPP looks up a secret corresponding to the name so that it can calculate a response value and send it to the remote host. Normally, PPP would look for a secret corresponding to the name supplied by the remote host in the incoming challenge. The authentication database entry for the defined name must contain a CHAP remote secret. PPP uses the secret and the value that it received in the challenge packet to calculate the value in the response packet that it sends to the remote authenticator.
Local host uses PAP to authenticate the remote host.	PPP uses the specified name to look up a password to check against the one it has received in an authentication request. Normally, PPP would look up a password for the name supplied by the remote host in the incoming authentication request. For example, this allows you to configure a single name-password pair for authenticating several remote systems or users. The authentication database entry for the defined name must contain a PAP local secret (password).
Remote host uses PAP to authenticate the local host.	PPP looks up a secret (password) corresponding to the specified name and sends this in an authentication request to the remote host. Normally, the name that is transmitted in the request (the local host name which may also be overridden) would be used to look up the secret. The authentication database entry for the defined name must contain a PAP remote secret (password).