Password Authentication Protocol

Password Authentication Protocol (PAP) is a password-based authentication protocol used by Point to Point Protocol (PPP) to validate users. Almost all network operating system remote servers support PAP. PAP is specified in RFC 1334.

PAP is considered a weak authentication scheme (weak schemes are simple and have lighter computational overhead but are much more vulnerable to attack; while weak schemes may have limited application in some constrained environments, they are avoided in general). Among PAP's deficiencies is the fact that it transmits unencrypted passwords (i.e. in plain-text) over the network. PAP is therefore used only as a last resort when the remote server does not support a stronger scheme such as CHAP or EAP.

Working cycle

PAP authentication is only done at the time of the initial link establishment, and verifies the identity of the client using a two-way handshake.

Client sends username and password. This is sent repeatedly until a response is received from the server.
Server sends authentication-ack (if credentials are OK) or authentication-nak (otherwise)[1]

PAP Packets

Description	1 byte	1 byte	2 bytes	1 byte	Variable	1 byte	Variable
Authentication-request	Code = 1	ID	Length	Username length	Username	Password length	Password
Authentication-ack	Code = 2	ID	Length	Message length	Message
Authentication-nak	Code = 3	ID	Length	Message length	Message

PAP packet embedded in a PPP frame. The protocol field has a value of C023 (hex).

Flag	Address	Control	Protocol (C023 (hex))	Payload (table above)	FCS	Flag

Notes

Forouzan (2007). Data Commn & Networking 4E Sie. McGraw-Hill Education (India) Pvt Limited. pp. 352–. ISBN 978-0-07-063414-5. Retrieved 24 November 2012.

References

Lloyd, Brian; Simpson, William Allen (1992). "Password Authentication Protocol". PPP Authentication Protocols. IETF. p. 2. doi:10.17487/RFC1334. RFC 1334. Retrieved 16 July 2015.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[Forouzan2007-1] Forouzan (2007). Data Commn & Networking 4E Sie. McGraw-Hill Education (India) Pvt Limited. pp. 352–. ISBN 978-0-07-063414-5. Retrieved 24 November 2012.

Authentication
Authentication APIs	BSD Authentication (BSD Auth) eAuthentication Generic Security Services API (GSSAPI) Java Authentication and Authorization Service (JAAS) Pluggable Authentication Modules (PAM) Simple Authentication and Security Layer (SASL) Security Support Provider Interface (SSPI) XCert Universal Database API (XUDA)
Authentication protocol	ACF2 AKA CAVE-based authentication Challenge-Handshake Authentication Protocol (CHAP) MS-CHAP Central Authentication Service (CAS) CRAM-MD5 Diameter Extensible Authentication Protocol (EAP) Host Identity Protocol (HIP) IndieAuth Kerberos LAN Manager NT LAN Manager (NTLM) OAuth OpenID OpenID Connect (OIDC) Password-authenticated key agreement protocols Password Authentication Protocol (PAP) Protected Extensible Authentication Protocol (PEAP) Remote Access Dial In User Service (RADIUS) Resource Access Control Facility (RACF) Secure Remote Password protocol (SRP) TACACS Woo–Lam
Category Commons

Password Authentication Protocol

Working cycle

PAP Packets

See also

Notes

References