PPP authentication methods

PPP authentication provides that a host, before establishing a PPP connection, may require that the other host uniquely identify itself using prearranged, secure data known to both hosts. SCO PPP supports three methods of authentication in the form of two protocols: Challenge-Handshake Authentication Protocol (CHAP), the Microsoft extension to the CHAP protocol (MSCHAP) and Password Authentication Protocol (PAP).

Authentication and the protocol to be used are selectable on a per-endpoint basis within PPP endpoint configurations. Therefore, some PPP links may require authentication and others may not; some PPP links may use PAP and others may use CHAP, or MSCHAP.

The default status of any PPP link is not to require authentication of the remote host. If a PPP link must require authentication, the entry defined for the endpoint in the /etc/ppphosts file must include one of the authentication parameters auth=chap, auth=mschap or auth=pap. See the pppauth(SFF) manual page for the format of this file, and a comparison of the CHAP, MSCHAP and PAP methods of authentication.

For a detailed description of the CHAP, MSCHAP and PAP protocols, see RFC 1334.