#ident	"@(#)chap-secrets	1.1	01/01/24 SMI"
#
# Copyright (c) 2000 by Sun Microsystems, Inc.
# All rights reserved.
#
# Secrets for authentication using CHAP (Challenge Handshake Authentication
# Protocol) are placed here.  Each line is a separate entry and consists of
# a list of space or tab separated tokens.
#
#	client	server	secret	[IP addresses ["--" options]]
#
# When authenticating to a peer (so-called "client mode;" as when dialing
# out to an ISP), the "client" will be matched using the local name and
# "server" will use the remote peer's name.  CHAP does specify an
# authenticator name, but some peers (such as Windows NT) do not provide
# a peer name, and the "remotename <name>" option should then be used.
# Typically, the "user <name>" option is also to specify the local name.
#
# When authenticating a peer (so-called "server mode;" as when allowing
# dial-up access to this system), the remote peer's name is the "client"
# and the local system name is the "server."  In this case, the privileged
# "name <name>" option is sometimes used to set the local name.  The "user
# <name>" option cannot be used.  The remote peer's name comes from the
# CHAP messages the peer sends.
#
# After the secret, which must always be clear text for CHAP, a list of
# valid IP addresses for the peer appears.  This must be present when
# acting as a server.  Usually, this is specified as "*" and actual IP
# addresses are given in the options.  If a given dial-in peer has an
# allocated IP address ("static IP addressing"), then this address may
# be given here.  If there's exactly one address, then this will be sent
# to the peer as a hint.
#
# The entry may also have extra options after a -- token.  These are
# interpreted as privileged pppd options, and may be used to enable
# proxyarp or other optional features.
