Keyword "login" is supposed to enable passwd authentication (and, by looking at the code, pam authentication as well). However, it can't work unless the user has already been authenticated against pap-secrets, which of course defeats the whole purpose. While we're on the subject, it's also worth mentioning that pam code is not called at all unless "login" is used. Arguably at least the pam session management should be done regardless of the type of authentication used. BTW, the first part applies to the pppd in RH 6.0 as well.
This might be fixed by the version of ppp in RawHide, want to check? If so, get ppp-2.3.9-1; you should be able to install it on a Red Hat Linux 6.0 system without problems.
I'll assume that the new pppd fixes; if not, pleast reopen.