Password Authentication Protocol (PAP) is a protocol for authenticating the login process of a PPP connection.

In the conventional process used at VSNL the client and server exchange plain-text usernames and passwords. Not with PAP; its authentication takes place at the Link Control Protocol (LCP) stage, which is the first step to establishing a PPP link.

Satyam, India’s first private ISP, uses PAP authentication; VSNL is doing so on ISDN connections and on newer TCP/IP connections in some cities.

Does my ISP use PAP?

A good way is to call your ISP and ask. Unfortunately, not all of the tech help seem to know what PAP is and whether they are using it, in which case the only solution may be to dial into the TCP/IP dial-in numbers and check for yourself.

You can use a program such as Telix or HyperTerminal, to manually dial into the ISP. If after the modem handshaking process, your screen fills with lines of what look like this:

~y}#.!}!}!} }8}!}$}%U}"}&} } } }

....and it keeps on coming, you can be pretty sure your server uses PAP. If you get a username prompt, it isn’t. You may want to do this twice to see that this isn’t junk from a bad connection.

Configuring PPPD for PAP support

That sounds a lot harder than it actually is. In fact, configuring PAP is much easier than configuring a text based login sequence. That’s because all the authentication is done by PPPD (the PPP daemon process), eliminating the need for complex chat scripts.

While PPPD takes many configuration options and settings for specialized environments, setting up a Linux machine as a PPP client using PAP merely involves editing two files: /etc/ppp/options, and /etc/ppp/pap-secrets.

(You should, of course, have a working TCP/IP and PPP set up on the Linux PC. To know more about setting up PPP on Linux, read the article "Connecting to the Internet using Linux" at pcquest.com/may98/ or PCQ May ’98, page 51.)

Open up the file /etc/ppp/options in your text editor.

(You’ll need to be logged in as root to do this.)

Let’s say our dial-up login name is "pcq", and our password is "coverstory99". Right at the top of the file, add the line:

Next, open the file /etc/ppp/pap-secrets, and add this line:

A complete pap-secrets file will look something like this :

After this, you should remember to remove any authentication sequences from your dial-in chat script. Your chat script now only needs to dial in and establish a connection (by waiting for the modems CONNECT string), and then return.

PAP authentication is much simpler to use, as well as more reliable that a conventional text-based login. If you have any trouble setting it up, I’d suggest you read the PPP-HOWTO for specific differences in the authentication processes your ISP may be using.