User's Guide for Netopia 3220-h

Cayman 3220-H User’s Guide
How Your Cayman 3220-H Works
December 2000
C-9
The authentication method used by one peer can be different from
the authentication method used by the other peer. For example, a
peer at one end of a link may require authentication while the other
end of the link may not. Similarly, one end of a link may use PAP to
authenticate peers while the other end uses CHAP.

A PPP interface can support one or both authentication methods. If
you specify that a serial port must use one method but not the other,
the remote peer must authenticate itself according to the specified
authentication protocol. If you specify that a serial port can use
either CHAP or PAP to authenticate a remote peer (that is, both
CHAP and PAP are enabled), the router tries to use CHAP to
authenticate connection requests. If the remote peer does not
support CHAP, the router requires that the remote peer use PAP to
authenticate itself.

Password Authentication Protocol (PAP) – The Password
Authentication Protocol (PAP) provides a simple method for a
peer to establish its identity. A peer being authenticated with
PAP sends Authentication Request messages that contain its
name and PAP password until the authenticator acknowledges
and accepts the information or until the connection is
terminated. Passwords are sent in clear text format, which offers
no protection from interception and playback by unauthorized
users.

Challenge Handshake Authentication Protocol (CHAP) – The
Challenge Handshake Authentication Protocol (CHAP) is a more
secure authentication method than PAP. CHAP authentication
involves three entities: a “secret” known to both link peers, a
random challenge value, and a sequential challenge identifier.
The authenticator sends a numbered message that includes a
challenge value to the remote peer. The remote peer combines the
secret with the challenge value and challenge identifier using a
one-way hash function, so an unauthorized user who intercepts
the response cannot use it to obtain a valid password. The
challenge identifier ensures that the hashed authentication
information cannot be recorded and played back later by an
unauthorized user to gain access.