Password authentication protocol

From Wikipedia, the free encyclopedia

Password Authentication Protocol, sometimes abbreviated PAP, is a simple authentication protocol used to authenticate a user to a network access server used for example by internet service providers. PAP is used by Point to Point Protocol. Authentication is a process of validating a user before accessing the resources. Almost all network operating system remote servers support PAP.

PAP transmits unencrypted ASCII passwords over the network and is therefore considered insecure. It is used as a last resort when the remote server does not support a stronger authentication protocol, like CHAP or EAP (while the last is actually a framework).

[edit] Working cycle

  • Client sends username and password
  • Server sends authentication-ack (if credentials are OK) or authentication-nak (otherwise)

[edit] PAP Packets

Description 1 byte 1 byte 2 bytes 1 byte Variable 1 byte Variable
Authentication-request Code = 1 ID Length Username length Username Password length Password
Authentication-ack Code = 2 ID Length Message length Username
Authentication-nak Code = 3 ID Length Message length Username

PAP packet embedded in a PPP frame. The protocol field has a value of C023 (hex).

Flag Address Control Protocol (C023 (hex)) Payload (table above) FCS Flag

[edit] See also