--- backend3.orig/net-pppoe 2008-03-02 21:04:00 +0300 +++ backend3/net-pppoe 2008-03-02 23:19:04 +0300 @@ -1,7 +1,6 @@ #!/bin/sh -ef PATH=/usr/lib/alterator-net-common:$PATH -chapfile=/etc/ppp/chap-secrets ################### shell file helpers @@ -79,12 +78,14 @@ if [ -n "$in_login" ] ;then sed -r "s,^user[[:space:]].*,user $in_login," -i "$name/pppoptions" - sed -r "s,^$prev_login[[:space:]]*,$in_login ," -i "$chapfile" prev_login="$in_login" fi if [ -n "$in_password" ]; then in_password=$(echo "$in_password"|sed -e 's/["]/\\\\&/g') - sed -r "s,^$prev_login[[:space:]].*,$prev_login * \"$in_password\" *," -i "$chapfile" + sed -r "s,^password[[:space:]].*,password $in_password," -i "$name/pppoptions" + + # deny users from reading the password + chmod o-rw "$name/pppoptions" fi ifdown "$1" && ifup "$1" @@ -92,8 +93,6 @@ new_iface() { - grep -qs "^$in_login[[:space:]]" "$chapfile" && return 1 - local name="/etc/net/ifaces/$1" in_password=$(echo "$in_password"|sed -e 's/["]/\\\\&/g') @@ -105,9 +104,11 @@ shell_add_or_subst "PPPMAXFAIL=" "0" "$name/options" shell_add_or_subst "user " "$in_login" "$name/pppoptions" - - echo "$in_login * \"$in_password\" *" >>"$chapfile" - + shell_add_or_subst "password " "$in_password" "$name/pppoptions" + + # deny users from reading the password + chmod o-rw "$name/pppoptions" + ifup "$1" return 0 } @@ -119,10 +120,9 @@ local name="/etc/net/ifaces/$1" local prev_login="$(grep '^user' "$name/pppoptions"|sed -r 's,user[[:space:]]*,,')" - sed -r "/^$prev_login[[:space:]]/ d" -i "$chapfile" - rm -rf "$name" - - ifdown "$1" + # do ifdown before rm so that ifup-{pre,post} are executed + ifdown "$1" + rm -rf "$name" } _()
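Review bot: The secret is written to `$name/pppoptions` before `chmod o-rw` runs, and `o-rw` leaves the group bits as they were, so the password can sit in a file readable more widely than intended; the new_iface hunk (`@@ -105,9 +104,11 @@`) has the same ordering. Tightening the mode before the password write, for example `chmod 600 "$name/pppoptions"` (assuming only root needs to read the file; confirm for pppd here), closes that window. Separately, the added `sed -r "s,^password[[:space:]].*,password $in_password,"` only rewrites an existing `password` line, so an interface created while the secret lived in chap-secrets gets nothing written. The preceding escape step handles only `"`, so a password containing `,`, `&` or `\` is interpreted by sed instead of being stored literally. The enclosing function starts outside this hunk.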
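Review bot: In the last hunk (`@@ -119,10 +120,9 @@`), entries that earlier versions wrote to `/etc/ppp/chap-secrets` are no longer removed when an interface is deleted, so on upgraded systems the old login and secret stay on disk after `rm -rf "$name"`. A one-time cleanup, or keeping the delete for legacy entries, would cover that. With the chap-secrets edit gone, the `local prev_login=...` context line is computed but not used in the visible lines and could be dropped. Because the shebang in the first hunk sets `-e`, a non-zero `ifdown "$1"` may now stop the function before `rm -rf "$name"`, leaving pppoptions and its password in place unless the caller tests the status. If removal should always happen, `ifdown "$1" ||:` keeps it. The function header is outside this hunk.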