Password Authentication Protocol
'''Password Authentication Protocol''' ('''PAP''') is a [[password]]-based [[authentication protocol]] used by [[Point-to-Point Protocol]] (PPP) to validate users.<ref>{{Cite web|date=2018-07-17|title=Password Authentication Protocol (PAP)|url=https://www.geeksforgeeks.org/password-authentication-protocol-pap/|access-date=2020-11-08|website=GeeksforGeeks|language=en-US}}</ref> PAP is specified in {{IETF RFC|1334}}.

Almost all [[network operating system]]s support PPP with PAP, as do most [[network access server]]s. PAP is also used in [[PPPoE]], for authenticating DSL users.

As the [[Point-to-Point Protocol]] (PPP) sends data unencrypted and "in the clear", PAP is vulnerable to any attacker who can observe the PPP session. An attacker can see the user's name, password, and any other information associated with the PPP session. Some additional security can be gained on the PPP link by using [[Challenge-Handshake Authentication Protocol|CHAP]] or [[Extensible Authentication Protocol|EAP]]. However, there are always tradeoffs when choosing an authentication method, and there is no single answer for which is more secure.

When PAP is used in PPP, it is considered a weak authentication scheme. Weak schemes are simpler and have lighter [[overhead (computing)|computational overhead]] than more complex schemes, such as [[Transport Layer Security]] (TLS), but they are much more vulnerable to attack. Weak schemes are used where the transport layer is expected to be physically secure, such as a home [[DSL]] link. Where the transport layer is not physically secure, a system such as TLS or [[Internet Protocol Security]] (IPsec) is used instead.

==Other uses of PAP==
PAP is also used to describe password authentication in other protocols such as [[RADIUS]] and [[Diameter (protocol)|Diameter]]. However, those protocols provide for transport or network layer security, and therefore that usage of PAP does not have the security issues seen when PAP is used with PPP.

==Benefits of PAP==
When the client sends a clear-text password, the authentication server will receive it, and compare it to a "known good" password. Since the authentication server has received the password in clear-text, the [[Password#Form of stored passwords|format of the stored password]] can be chosen to be secure "at rest". If an attacker were to steal the entire database of passwords, it is computationally infeasible to reverse the function to recover a plaintext password. As a result, while PAP passwords are less secure when sent over a PPP link, they allow for more secure storage "at rest" than with other methods such as [[Challenge-handshake authentication protocol|CHAP]].

==Working cycle==
PAP authentication is only done at the time of the initial link establishment, and verifies the identity of the client using a [[Handshake (computing)|two-way handshake]].
#Client sends username and password. This is sent repeatedly until a response is received from the server.
#Server sends authentication-ack (if credentials are OK) or authentication-nak (otherwise)<ref name="Forouzan2007">{{cite book|author=Forouzan|title=Data Commn & Networking 4E Sie|url=https://books.google.com/books?id=6HaNKmfBK1oC&pg=PA352|accessdate=24 November 2012|year=2007|publisher=McGraw-Hill Education (India) Pvt Limited|isbn=978-0-07-063414-5|pages=352–}}</ref>

==PAP packets==
{| class="wikitable"
! Description
!1 byte
!1 byte
!2 bytes
!1 byte
!Variable
!1 byte
!Variable
|-
|Authentication-request
|Code = 1
|ID
|Length
|Username length
|Username
|Password length
|Password
|-
|Authentication-ack
|Code = 2
|ID
|Length
|Message length
|Message
|
|
|-
|Authentication-nak
|Code = 3
|ID
|Length
|Message length
|Message
|
|
|}

PAP packet embedded in a PPP frame. The protocol field has a value of C023 (hex).
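
The two-way handshake, the packet layouts and the "at rest" storage property described above can be seen together in the following Python sketch. It is an example added to this article, not code from RFC 1334 or from any PPP implementation; the function names, the use of PBKDF2-HMAC-SHA256 as the one-way function and the sample account are assumptions.

```python
import hashlib, hmac, os, struct

AUTH_REQ, AUTH_ACK, AUTH_NAK = 1, 2, 3      # Code values from the packet table

def kdf(password, salt):
    # Assumption: PBKDF2 stands in for whatever one-way function the server uses.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

def make_record(password):
    salt = os.urandom(16)
    return salt, kdf(password, salt)        # only salt and digest are kept at rest

def build_request(ident, user, password):
    # Code, ID, Length (whole packet), then length-prefixed username and password.
    body = bytes([len(user)]) + user + bytes([len(password)]) + password
    return struct.pack("!BBH", AUTH_REQ, ident, 4 + len(body)) + body

def parse_request(pkt):
    """Return (id, username, password); raise ValueError on malformed input."""
    if len(pkt) < 4:
        raise ValueError("short header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code != AUTH_REQ or not 6 <= length <= len(pkt):
        raise ValueError("not a well-formed Authentication-Request")
    body = pkt[4:length]                    # bytes past Length are padding
    ulen = body[0]
    if 1 + ulen >= len(body):
        raise ValueError("username length overruns packet")
    plen = body[1 + ulen]
    if 2 + ulen + plen > len(body):
        raise ValueError("password length overruns packet")
    return ident, body[1:1 + ulen], body[2 + ulen:2 + ulen + plen]

def build_reply(code, ident, msg=b""):
    return struct.pack("!BBHB", code, ident, 5 + len(msg), len(msg)) + msg

def authenticate(pkt, store):
    """Server side: hash the received clear-text password, compare, answer ack/nak."""
    ident, user, password = parse_request(pkt)
    # Unknown users still cost one KDF run, so timing does not reveal valid names.
    salt, stored = store.get(user, (b"\0" * 16, b""))
    ok = hmac.compare_digest(kdf(password, salt), stored)
    return build_reply(AUTH_ACK if ok else AUTH_NAK, ident)

# Constructed sample account; the store never holds the password itself.
STORE = {b"alice": make_record(b"correct horse")}
```

The request bytes contain the username and password verbatim, which is the exposure on the PPP link, while the server's store holds only a salt and digest.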
{| class="wikitable"
!Flag
!Address
!Control
!Protocol (C023 (hex))
!Payload (table above)
!FCS
!Flag
|}

==See also==
* SAP – [[Service Access Point]]

==Notes==
{{reflist}}

==References==
* {{cite IETF |title=PPP Authentication Protocols |rfc=1334 |sectionname=Password Authentication Protocol |page=2 |first1=Brian |last1=Lloyd |first2=William Allen |last2=Simpson |year=1992 |publisher = [[Internet Engineering Task Force|IETF]] |accessdate=16 July 2015}}

{{Authentication APIs}}

[[Category:Password authentication]]
[[Category:Internet protocols]]
[[Category:Authentication protocols]]