|
|
The following options define how a bundle will use CHAP and PAP authentication on an outgoing connection.
It may be necessary to use this attribute in the following cases:
Case | Description |
---|---|
Remote host uses CHAP to authenticate the local host. |
The specified name overrides the local host name in the outgoing response
to a received challenge.
This allows you to supply a name other than the local host name for
the remote host to look up in its authentication database (unless it
chooses to override it with a different name).
For example, a service provider may require that you specify your remote user name in CHAP response packets. In such a case, you should normally set the override name for both transmitted and received packets to be the same as your user name at the remote site. |
Local host uses CHAP to authenticate the remote host. |
The specified name overrides the local host name in the outgoing challenge
and in the outgoing acknowledgment of success or failure.
For example, this allows you to define a different name for the remote host to look up in their authentication database. |
Remote host uses PAP to authenticate the local host. |
The specified name overrides the local host name in the outgoing
authentication request.
This allows you to supply a name other than the local host name which
the remote host will use to look up a password in its authentication
database (unless it chooses to override the supplied name
with a different name).
For example, a service provider may require that you specify your remote user name in PAP request packets. In such a case, you should normally set the override name for the transmitted packet to be the same as the specified user name at the remote site. The authentication database entry for the defined name must contain a PAP remote secret (password). |
It may be necessary to use this attribute in the following cases:
Case | Description |
---|---|
Remote host uses CHAP to authenticate the local host. |
PPP looks up a secret corresponding to the name so that
it can calculate a response value and send it to the remote host.
Normally, PPP would look for a secret corresponding to
the name supplied by the remote host in the incoming challenge.
For example, a service provider may have several remote access servers which use different names to challenge your system. Overriding the name of the server allows you to use a single name-secret pair for outgoing connections to the remote site. In such a case, you should normally set the override name for both transmitted and received packets to be the same as your user name at the remote site. The authentication database entry for the defined name must contain a CHAP remote secret. PPP uses the secret and the value that it received in the challenge packet to calculate the value in the response packet that it sends to the remote authenticator. |
Local host uses CHAP to authenticate the remote host. |
PPP looks up a secret corresponding to the name so that
it can check the validity of a response value that it has received.
Normally, PPP would look for a secret corresponding to
the name supplied by the remote host in the incoming response.
For example, this allows you to configure a single name-secret pair
for authenticating several remote systems or users.
The authentication database entry for the defined name must contain a CHAP local secret. PPP uses the secret and the value that it sent in its challenge to calculate a value that it can compare with the response value that it has received from the peer. If the calculated value and the response value are the same, the remote host is authentic. |
Remote host uses PAP to authenticate the local host. |
PPP looks up a secret (password) corresponding to the
specified name and sends this in an authentication request to the
remote host. Normally, the name that is transmitted in the request
(the local host name which may also be overridden)
would be used to look up the secret.
The authentication database entry for the defined name must contain a PAP remote secret (password). |
Local host uses PAP to authenticate the remote host. |
PPP uses the specified name to look up a password
to check against the one it has received in an authentication request.
Normally, PPP would look up a password for the name
supplied by the remote host in the incoming authentication request.
For example, this allows you to configure a single name-password pair
for authenticating several remote systems or users.
The authentication database entry for the defined name must contain a PAP local secret (password). |