Avaya a500 User Guide

Cajun A500 ATM Switch Overview
Cajun A500 ATM Switch User Guide
Password Authentication Protocol (PAP)
The Password Authentication Protocol (PAP) provides a simple method for the peer to 
establish its identity using a 2-way handshake. This is done only upon initial link 
establishment. After the link establishment phase completes, an ID/Password pair is 
repeatedly sent by the peer to the authenticator until authentication is acknowledged or 
the connection terminates.
Passwords are sent over the circuit in the clear, and there is no protection from playback 
or repeated trial and error attacks. The peer is in control of the frequency and timing of 
the attempts. Any implementations which include a stronger authentication method 
(such as CHAP) must offer to negotiate that method prior to PAP.
This authentication method is most appropriately used where a plain text password must 
be available to simulate a login at a remote host. In such use, this method provides a 
similar level of security to the usual user login at the remote host.
Challenge-Handshake Authentication Protocol (CHAP)
The Challenge-Handshake Authentication Protocol (CHAP) is used to verify the identity 
of the peer using a 3-way handshake. This is done upon initial link establishment, and 
can be repeated anytime after establishing the link. After the link establishment phase 
completes, the authenticator sends a challenge message to the peer. The peer responds 
with a value calculated using a one-way hash function. The authenticator checks the 
response against its own calculation of the expected hash value. If the values match, the 
authentication is acknowledged; otherwise the connection terminates. 
CHAP provides protection against playback attack through the use of an incrementally 
changing identifier and a variable challenge value. The use of repeated challenges is 
intended to limit the time of exposure to any single attack. The authenticator is in 
control of the frequency and timing of the challenges. This authentication method 
depends upon a secret known only to the authenticator and that peer. The secret is not 
sent over the link. Use this method when the same secret is easily accessed from both 
ends of the link.
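The following is an added example, not part of the Avaya guide: it runs the CHAP exchange described above beside a PAP check, and shows that a recorded CHAP response is rejected once the authenticator issues a new challenge, while a recorded PAP password is accepted again. It assumes the MD5 response calculation defined in RFC 1994 (the guide says only "one-way hash function"); the class name, function names and the secret are constructed for illustration.

```python
import hashlib
import hmac
import os

SECRET = b"constructed-shared-secret"  # constructed sample value, known to both ends


def chap_response(identifier, secret, challenge):
    """Peer side. RFC 1994 MD5-CHAP: MD5(identifier octet || secret || challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """Hypothetical authenticator: controls when challenges are issued."""

    def __init__(self, secret):
        self.secret = secret
        self.identifier = 0
        self.challenge = b""

    def new_challenge(self):
        # Incrementally changing identifier plus a variable (random) challenge.
        self.identifier = (self.identifier + 1) & 0xFF
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, identifier, response):
        if identifier != self.identifier:
            return False  # response belongs to an earlier challenge
        expected = chap_response(self.identifier, self.secret, self.challenge)
        return hmac.compare_digest(expected, response)


def pap_verify(stored_password, sent_password):
    """PAP: the password itself crosses the link, so a recorded copy still matches."""
    return hmac.compare_digest(stored_password, sent_password)


def demo():
    auth = Authenticator(SECRET)
    ident, challenge = auth.new_challenge()
    recorded = chap_response(ident, SECRET, challenge)  # what an observer would see
    results = {"chap_first": auth.verify(ident, recorded)}
    auth.new_challenge()  # authenticator repeats the challenge later on the link
    results["chap_replay_old_id"] = auth.verify(ident, recorded)
    results["chap_replay_new_id"] = auth.verify(auth.identifier, recorded)
    results["pap_replay"] = pap_verify(SECRET, SECRET)  # recorded cleartext reused
    return results
```

The secret never appears in any CHAP message; only the identifier, the challenge and the 16-octet hash cross the link.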