Re: ppp chap password

kelvin-yeo · ‎04-18-2006

Hello,

I am trying to understand the purpose of the "ppp chap password "command in dialer and ISDN interface configurations, i.e., what is the reason and usage of this. Unfortunately, looking into IOS command guides and references did not help me much.

My understanding is, if a router receive a challange, and that hostname/password is not defined locally, chap will use 'ppp chap password ' to generate a hash. Please correct if i'm wrong.

Therefore in this case, if i tried putting this cmd in both routers without username/password defined, ppp should pass the authentication. But its not.

Anyone can reply.

ankurbhasin · ‎04-18-2006

Hi Friend,

CHAP authentication, on the other hand, periodically verifies the identity of the remote node using a three-way handshake.

After the PPP link is established, the host sends a "challenge" message to the remote node.

Remember the remote node responds with a value calculated using a one-way hash function.

The host checks the response against its own calculation of the expected hash value.

If the values match, the authentication is acknowledged; otherwise, the connection is terminated.

So if you do not have hostname and passwword defined at the remote end it will perform a hash function and that value will not at all match with the sending host generated value so the connection will be terminated.

And that is the reason for CHAP authentication to have a secure authentication for establishing a conenction.

HTH, if yes please rate the post.

Ankur

kelvin-yeo · ‎04-19-2006

Thank you for the explaination, i do have the concept behind my head though.

The white paper mentioned that 'ppp chap password' is the default password to use if no username/password is defined locally.

In that case can i use 'ppp chap password' at both end of the node and no define username/password at all.

Cheers,

kelvin