#ident "%Z%%M% %I% %E% SMI"
#
# Copyright 2005 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License"). You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Secrets for authentication using CHAP (Challenge Handshake Authentication
# Protocol) are placed here. Each line is a separate entry and consists of
# a list of space or tab separated tokens.
#
# client server secret [IP addresses ["--" options]]
#
# When authenticating to a peer (so-called "client mode;" as when dialing
# out to an ISP), the "client" will be matched using the local name and
# "server" will use the remote peer's name. CHAP does specify an
# authenticator name, but some peers (such as Windows NT) do not provide
# a peer name, and the "remotename <name>" option should then be used.
# Typically, the "user <name>" option is also to specify the local name.
#
# When authenticating a peer (so-called "server mode;" as when allowing
# dial-up access to this system), the remote peer's name is the "client"
# and the local system name is the "server." In this case, the privileged
# "name <name>" option is sometimes used to set the local name. The "user
# <name>" option cannot be used. The remote peer's name comes from the
# CHAP messages the peer sends.
#
# After the secret, which must always be clear text for CHAP, a list of
# valid IP addresses for the peer appears. This must be present when
# acting as a server. Usually, this is specified as "*" and actual IP
# addresses are given in the options. If a given dial-in peer has an
# allocated IP address ("static IP addressing"), then this address may
# be given here. If there's exactly one address, then this will be sent
# to the peer as a hint.
#
# The entry may also have extra options after a -- token. These are
# interpreted as privileged pppd options, and may be used to enable
# proxyarp or other optional features.