Password Authentication Protocol
PAP is considered a weak authentication scheme (weak schemes are simple and have lighter computational overhead but are much more vulnerable to attack; while weak schemes may have limited application in some constrained environments, they are avoided in general). Among PAP's deficiencies is the fact that it transmits unencrypted passwords over the network. PAP is therefore used only as a last resort when the remote server does not support a stronger scheme such as CHAP or EAP.
- Client sends username and password
- Server sends authentication-ack (if credentials are OK) or authentication-nak (otherwise)
|1 byte||1 byte||2 bytes||1 byte||Variable||1 byte||Variable|
|Authentication-request||Code = 1||ID||Length||Username length||Username||Password length||Password|
|Authentication-ack||Code = 2||ID||Length||Message length||Message|
|Authentication-nak||Code = 3||ID||Length||Message length||Message|
PAP packet embedded in a PPP frame. The protocol field has a value of C023 (hex).
|Flag||Address||Control||Protocol (C023 (hex))||Payload (table above)||FCS||Flag|
- SAP - Service Access Point
- Lloyd, Brian; Simpson, William Allen (October 1992). "Password Authentication Protocol". PPP Authentication Protocols. IETF. p. 2. RFC 1334. https://tools.ietf.org/html/rfc1334#page-2. Retrieved 16 July 2015.
|This computer networking article is a stub. You can help Wikipedia by expanding it.|