PPP PAP dial-in under Solaris
       ------------------------------

In a kempston.net|bolthole.com co-operative venture, the following
information was discovered, on how to get dial-in PAP auth working,
with solaris stock asppp drivers.

ASSUMPTIONS:

1. you give specific IP addresses and passwords to specific users, 1 to 1.

2. This port and modem can ONLY be used for PAP DIALIN.
   Regular authentication will no longer work

3. You should have NO PPP accounts without PAP authentication required.
  Otherwise, you just gave someone password-free access to your system!

STEPS:

(these all assume you want the service on /dev/term/b, otherwise
 known as ttyb)

1. remove any old service on that port:

  pmadm -r -p zsmon -s ttyb

2. Add the new service definition:

pmadm -a -p zsmon -s ttyb -i root -v `/usr/sbin/ttyadm -V` -fu \
-m "/dev/term/b:c::/usr/sbin/aspppls::modem:ldterm,ttcompat::::n:#PPP-PAP in"

"modem" is an entry in /etc/ttydefs.
Or, you could just use "...:115200:ldterm,..."

3. make an appropriate entry in /etc/asppp.cf

path
        ipcp_async_map 0 
        inactivity_timeout 0
        interface ipdptp0
        peer_system_name .zsmon
        peer_ip_address ppp_client1addr
        require_authentication pap
        pap_peer_id incomingusername
        pap_peer_password incomingpassword


"peer_system_name .zsmon" is magic. "Just do it."

------------------------------------------------------------

In theory, you might also be able to use the "multipoint" asppp configs.
But most people dont care about that stuff, and you should probably stay
away from it :-) But if you care, theoretically, it could be almost
identical:


  path
     inactivity_timeout 300
     interface ipd0
     peer_system_name .zsmon
     peer_ip_address ppp_client1addr
     require_authentication pap
     pap_peer_id incomingusername
     pap_peer_password incomingpassword