Contents:
Part Three:
- Page 1
Setting up a Conection to a Remote UNIX Host
- Configuring a Dedicated SLIP Port
for a Remote UNIX Host
- Configuring a Dedicated PPP Port Remote
UNIX Host
- Page 2
Setting up CHAP
Click
Here to go to Page 1
- Setting up a Connection to a Remote UNIX Host
Setting up CHAP
The Communications Server supports the CHAP protocol. Challenge Handshake
Authentication Protocol is an authentication method which takes place
during the negotiation phase of a PPP connection.
Each end of the PPP connection associates a host name with a 'secret'.
A sequence number, random challenge string and the secret are combined
and sent in response to a CHAP challenge. This is then verified by the
challenger. If they match, the challenge is successful and authentication
is achieved. If authentication fails, the PPP session is disconnected.
CHAP can also be used to continuously authenticate the client system
on an active PPP session. A client must respond to CHAP challenges when
periodically sent from the server.
CHAP can be configured using the web configuration utility. See the
section 'Configuring a PPP port for
a modem using a modem dialer'.
Using CHAP on a PPP
Connection
By default, a client wishing to authenticate using CHAP will be allowed
to. The Communications Server will use its secrets database (see below)
to respond to the CHAP challenge as required. The Communications Server
will also respond to any client CHAP rechallenges as required. To force
an EasyServer PPP connection to authenticate using CHAP, the port should
have CHAP enabled. This is done with the command:
CHANGE PORT x PPP CHAP
ENABLED
To configure EasyServer CHAP to rechallenge the client periodically,
set the RECHALLENGE INTERVAL parameter of CHAP on the port.
CHANGE PORT X PPP CHAP RECHALLENGE INTERVAL seconds
where seconds is the interval between CHAP rechallenges.
The Communications Server will resend lost or ignored challenges every
3 seconds. To configure a maximum number of retries to a lost or ignored
CHAP challenge packet, set the RETRY COUNT parameter of CHAP:
CHANGE PORT X PPP CHAP
RETRY COUNT count
The count value is the number of times to resend a challenge.
If this number is reached with no response then the EasyServer will
disconnect the PPP connection. To display the current settings of CHAP
and its parameters, use the SHOW PORT command:
SHOW PORT X PPP
Setting up a Secrets
Database
A secrets database is a list of names associated with a secret string.
Generally the names are system hostnames, although there is no requirement
for this to be the case. The secret string can be any ASCII characters.
To create a secrets table entry:
CHANGE SECRET HOST hostname
SECRET secret
If the secret contains any non-alphanumeric characters then it should
be enclosed in " " characters. White space is acceptable, as are
punctuation characters. To list the contents of the secrets database
use:
SHOW SECRETS
This will list out the contents of the Communications Server's entire
operational secrets database. The commands to create, modify and access
the secrets database are all privileged commands. To list the contents
of the server's permanent secrets database use the LIST command instead
of the SHOW command.
To remove a secret from the server's operational secrets database use:
CLEAR SECRET HOST hostname
To clear the entire secrets database use:
CLEAR SECRET ALL
To remove secrets from the server's permanent database, use the PURGE
command instead of the CLEAR command.
