Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
PAP Authentication

PAP Authentication

Latest reply: Jan 16, 2022 07:06:12 828 11 10 0 0
View the author 1#

PAP Authentication Process

The Password Authentication Protocol (PAP) is a two-way handshake authentication protocol that transmits passwords in plain text. PAP authentication is performed during initial link establishment.

After the Link Establishment phase is complete, the authenticated device repeatedly sends the user name and password to the authenticating device until it is authenticated or the link is terminated.

PAP authentication is most useful when plain text passwords must be available to simulate logins at a remote host.

Figure 1 shows the PAP authentication process.

Figure 1 PAP authentication process

1


  • The authenticated device sends the local user      name and password to the authenticating device.

  • The authenticating device checks the user name      and password of the authenticated device against the local user table and      sends a response to the authenticated device.

PAP is an insecure authentication protocol. In PAP authentication, passwords are sent over links in plain text. After a PPP link is established, the authenticated device repeatedly sends the local user name and password until the authentication is complete. Attacks cannot be prevented.

PAP Packet Format

  • Configuration option format

Figure 2 shows the Authentication-Protocol Configuration Option format.

Figure 2 PAP configuration option format

2

The meanings of the fields are as follows.

Table 1 Fields of a PAP configuration option

Field

Length in Bytes

Description

Type

1

The value 0x03 indicates an authentication protocol. For common   negotiation options, see Table 3.

Length

1

The value is always 4, indicating that a configuration option is 4 bytes   in length.

Authentication-Protocol

2

The value 0xC023 indicates the PAP protocol. For common protocol codes,   see Table 1. In an authentication   protocol, the Data field is replaced by the Authentication-Protocol field.


For the relationship between configuration options, PPP packets, and LCP packets, see Figure 1.

  • PAP packet format

A PAP packet is encapsulated in the Information field of a PPP data link layer frame with the Protocol field value C023.

For the relationship between the PPP packet format and PAP packet format, see Figure 1.

Figure 3 shows the PAP packet format.

Figure 3 PAP packet format

3


Table 2 shows the fields of a PAP packet.

Table 2 Fields of a PAP packet

Field

Length in Bytes

Description

Code

1

The Code field identifies the type of a PAP packet:

o      1: Authenticate-Request packet

o      2: Authenticate-Ack packet

o      3: Authenticate-Nak packet

Identifier

1

The Identifier field helps match requests and replies.

Length

2

The Length field indicates the length of a PAP packet including the Code,   Identifier, Length, and Data fields. Bytes outside the range of the Length   field are treated as padding and are discarded.

Data

Zero or more

The format of the Data field is determined by the Code field.


  • Authenticate-Request packet      format

An Authenticate-Request packet is used to initiate PAP authentication. The authenticated device must transmit an Authenticate-Request packet with the Code field value 0x01 in the Authentication phase. The Authenticate-Request packet will be repeatedly sent until a valid reply packet is received or the optional retry counter expires. The link is terminated if the optional retry counter expires.

The authenticating device waits for the authenticated device to send an Authenticate-Request packet. After receiving an Authenticate-Request packet, the authenticating device returns a reply packet.

Figure 4 shows the Authenticate-Request packet format.

Figure 4 Authenticate-Request packet format

4


Table 3 describes the fields of an Authenticate-Request packet.

Table 3 Fields of an Authenticate-Request packet

Field

Length in Bytes

Description

Code

1

The value 0x01 indicates an Authenticate-Request packet. For common code   values, see Table 2.

Identifier

1

The Identifier field helps match requests and replies. The Identifier field   must be changed each time an Authenticate-Request packet is sent.

Length

2

The Length field specifies the total length of an Authenticate-Request   packet.

Peer-ID Length

1

The Peer-ID Length field specifies the length of the Peer-ID field.

Peer-ID

Zero or more

The Peer-ID field specifies the name of the authenticated device.

Password Length

1

The Password Length field specifies the length of the Password field.

Password

Zero or more

The Password field specifies the password of the authenticated device.


  • Authenticate-Ack and Authenticate-Nak packet      formats

If the authenticating device receives an Authenticate-Request packet with the user name and password both acceptable, it replies with an Authenticate-Ack packet with the Code field value 2, which indicates that authentication is successful.

If the authenticating device receives an Authenticate-Request packet with an unacceptable user name or password, it replies with an Authenticate-Nak packet with the Code field value 3, which indicates that authentication fails.

Figure 5 shows the Authenticate-Ack and Authenticate-Nak packet formats.

Figure 5 Authenticate-Ack and Authenticate-Nak packet formats

5

Table 4 shows the fields of an Authenticate-Ack or Authenticate-Nak packet.

Table 4 Fields of    an Authenticate-Ack or Authenticate-Nak packet

Field

Length in Bytes

Description

Code

1

The value 0x02 indicates an   Authenticate-Ack packet, and the value 0x03 indicates an Authenticate-Nak   packet. For common   code values, see Table 2.

Identifier

1

The Identifier field helps   match requests and replies. The Identifier field value is the same as the   Identifier field value of the Authenticate-Request that triggers this reply   packet.

Length

2

The Length field specifies   the total length of an Authenticate-Ack or Authenticate-Nak packet.

Message   Length

1

The Message Length field   specifies the length of the Message field.

Message

Zero or   more

The Message field is   determined by the Authenticate-Ack or Authenticate-Nak packet contents.

 


PAP

Like (10) Dislike (0) Favorite(0) Share Report
Previous: CHAP Authentication
Next: PPP Link Establishment Process
(0) (0)
11#
IndianKid
Moderator Author Created Jan 16, 2022 07:06:12

very important post about PAP Authentication, Thanks
View more
  • x
  • convention:
12
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.