Password authentication protocol
PAP transmits unencrypted ASCII passwords over the network and is therefore considered insecure. It is used as a last resort when the remote server does not support a stronger authentication protocol, like CHAP or EAP (the latter is actually a framework).
Password-based authentication is a protocol in which two entities share a password in advance and use that password as the basis of authentication. Existing password authentication schemes can be categorized into two types: weak-password authentication schemes and strong-password authentication schemes. Compared to strong-password schemes, weak-password schemes tend to have lighter computational overhead, simpler designs, and easier implementation, making them especially suitable for some constrained environments.
- Client sends username and password
- Server sends authentication-ack (if credentials are OK) or authentication-nak (otherwise)
| Description | 1 byte | 1 byte | 2 bytes | 1 byte | Variable | 1 byte | Variable |
|---|---|---|---|---|---|---|---|
| Authentication-request | Code = 1 | ID | Length | Username length | Username | Password length | Password |
| Authentication-ack | Code = 2 | ID | Length | Message length | Message | | |
| Authentication-nak | Code = 3 | ID | Length | Message length | Message | | |
PAP packet embedded in a PPP frame. The protocol field has a value of C023 (hex).
| Flag | Address | Control | Protocol (C023 (hex)) | Payload (table above) | FCS | Flag |
|---|---|---|---|---|---|---|
- CHAP - Challenge-Handshake Authentication Protocol
- EAP - Extensible Authentication Protocol
- RFC 1334 – PPP Authentication Protocols
- Password-authenticated key agreement protocols
- SAP - Service Access Point