RE: PAP Authentication

From: Brian Hescock (bhescock@xxxxxxxxx)
Date: Fri Jul 07 2000 - 17:29:14 GMT-3

• Next message: Jeff Sapiro: "Re: PAP Authentication"
• Previous message: Chandra Lingamgunta: "LAb exam at Sydney on 10th"
• Maybe in reply to: Bob Reed: "PAP Authentication"
• Next in thread: Jeff Sapiro: "Re: PAP Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Bob,
  There's apparently a bug because I came across the same thing and so
have others. You can do the debugs and see what's happening, it tries
using chap after the first try even though pap is the only one turned
on. using ppp authen pap chap works because pap fails then chap works or
just use ppp authen chap.

Brian

On Fri, 7 Jul 2000, Matt Holbert wrote:

> With PAP, a username and password are sent in the clear. The authenticating
> router simply looks in a table for that username and password. If they are
> the same, access is granted.
>
> CHAP uses the "password" as the key for the hash algorithm. Thus, the
> password (key) must be the same on both ends. It works like this. The
> authenticating side issues a challenge by sending a number. The side
> wanting access takes that number and performs a hash. The hashed value is
> transmitted back to the authenticating side. The authenticating side takes
> the original number transmitted and performs the same hash. If it gets the
> same hash value as was received, access is granted. For this to work, the
> keys (passwords) must be the same.
>
> -------------------------------------
> PAP configuration:
>
> R1:
> username R2 password cisco2
>
> int bri
> ppp auth pap
> ppp pap sent-username R1 password cisco1
>
> R2:
> username R1 password cisco1
>
> int bri 0
> ppp auth pap
> ppp pap sent-username R2 password cisco2
> ---------------------------------------
>
> PAP: Be sure the sent-username and password on one side matches the username
> and password on the other side.
>
> ---------------------------------------
> CHAP configuration:
>
> R1:
> username R1 password cisco
>
> int bri 0
> ppp auth chap
>
> R2:
> username R2 password cisco
>
> int bri 0
> ppp auth chap
>
> --------------------------------------
>
> Be sure the username on one side matches the router name on the other side.
> Be sure the passwords are the same on both sides.
>
> Matt
> -----Original Message-----
> From: Bob Reed [mailto:bobr@mmcable.com]
> Sent: Thursday, July 06, 2000 11:08 PM
> To: ccielab
> Subject: PAP Authentication
>
>
> I realized tonight that I have never configured PPP with PAP, always CHAP.
>
> I can configure ISDN with PPP CHAP with no problem. But I'm missing
> something when trying to use PAP. If I just change 'ppp auth chap' to 'ppp
> auth pap', the line bounces up/down each try. Debug ppp auth show nothing.
>
> Any ideas what I'm missing. I'm sure it's simple.
>
>
> TIA,
> Bob
>

• Next message: Jeff Sapiro: "Re: PAP Authentication"
• Previous message: Chandra Lingamgunta: "LAb exam at Sydney on 10th"
• Maybe in reply to: Bob Reed: "PAP Authentication"
• Next in thread: Jeff Sapiro: "Re: PAP Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:53 GMT-3