From: Brian McGahan (brian@cyscoexpert.com)
Date: Sun Oct 13 2002 - 13:20:26 GMT-3
Chenyan,
'ppp chap password' does not mean what password you are sending.
Unlike PAP, CHAP does not actually send a password over the line.
Instead, a hash value made up of the password and magic number is sent.
Unless the hash matches from both authenticating parties, authentication
is not successful.
By default, the router sends it's hostname for authentication
when using chap. The router on the other side does a lookup in its
local database, radius server, or tacacs server, and finds the password
that is paired with that username. If there is no matching username in
the database, the password specified in 'ppp chap password xyz' is used
as the default password.
Suppose you have a central office that has many remote clients
dialing into it. If you don't want to create an entry in the user
database for each remote client, you can just specify a default password
with 'ppp chap password'. As long as the remote clients have an entry
for the central site in their user database, authentication will be
successful.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios112/112cg_cr
/4rbook/4rppp.htm#xtocid2891415
'ppp chap hostname' is used to specify another username to send
other than your hostname. As previously mentioned, the router will send
it's own hostname for chap authentication by default. 'ppp chap
hostname' will change this default behavior.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios112/112cg_cr
/4rbook/4rppp.htm#xtocid2891414
http://www.cisco.com/warp/public/131/ppp_callin_hostname.html
'username xyz password xyz' is used to create an entry in the
router's local user database.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/
secur_c/scprt5/scdpass.htm
HTH
Brian McGahan, CCIE #8593
Director of Design and Implementation
brian@cyscoexpert.com
CyscoExpert Corporation
Internetwork Consulting & Training
http://www.cyscoexpert.com
Voice: 847.674.3392
Fax: 847.674.2625
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> chenyan
> Sent: Sunday, October 13, 2002 10:23 AM
> To: ccielab
> Subject: ppp chap password and username password
>
> hi,guys
>
> I want to know the differences between the "ppp chap password" and
> "username XXX password XXX".
> can the "ppp chap password" replace the "username XXX password XXX"?
> If I used the "ppp chap hostname", must I use the "ppp chap password"?
>
> Thanks
This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:46 GMT-3