network protocols handbook.pdf

185Protocols GuideWAN - PPP ProtocolsProtocol NamePAP: Password AuthenticationProtocolProtocol DescriptionThe Password Authentication Protocol (PAP), a Link ControlProtocol in the PPP suite, provides a simple method for the peerto establish its identity using a 2-way handshake. This is doneonly upon initial link establishment.After the Link Establishment phase is complete, an ID/Passwordpair is repeatedly sent by the peer to the authenticator until authenticationis acknowledged or the connection is terminated.PAP is not a strong authentication method. Passwords are sentover the circuit in text format, and there is no protection fromsniffing, playback or repeated trial and error attacks. The peeris in control of the frequency and timing of the attempts. Any implementationswhich include a stronger authentication method(such as CHAP) MUST offer to negotiate that method prior toPAP.This authentication method is most appropriately used wherea plaintext password must be available to simulate a login at aremote host. In such a use, this method provides a similar levelof security to the usual user login at the remote host.Protocol StructureConfiguration Option format for Password AuthenticationProtocol:8 16 32bitType Length Authentication-Protocol• Type - 3• Length - 4• Authentication-Protocol – C023 (Hex) for PasswordAuthentication ProtocolPassword Authentication Protocol (PAP) packet format:8 16 32bits VariableCode Identifier Length Data• Code - The Code field is one octet and identifies thetype of PAP packet. PAP Codes are assigned as follows:1 Authenticate-Request2 Authenticate-Ack3 Authenticate-Nak• Identifier - The Identifier field is one octet and aids inmatching requests and replies.• Length - The Length field is two octets and indicatesthe length of the PAP packet including the Code,Identifier, Length and Data fields. Octets outside therange of the Length field should be treated as DataLink Layer padding and should be ignored on reception.• Data - The Data field is zero or more octets. Theformat of the Data field is determined by the Codefield.Related protocolsPPP, CHAP, LCP, NCPSponsor SourcePAP is defined by IETF (http://www.ietf.org) RFC 1334; now replacedby RFC 1994.Referencehttp://www.javvin.com/protocol/rfc1334.pdfPPP Authentication Protocolshttp://www.javvin.com/protocol/rfc1994.pdfPPP Challenge Handshake Authentication Protocol (CHAP)