Real Time Ascend Mailing List Archive
Re: (ASCEND) Ethernet -> Answer -> PPP Options -> Recv Auth=PAP vs. Either
On Thu, 3 Jun 1999, Phillip Vandry wrote:
> > > The only solution is to disable CHAP.
> >
> > Well the problem is an M$ problem, non-windows dial-in will be
> > okay with Either because they can be set to PAP first, but Microsoft has
> > MS-CHAP (a CHAP version) that will be used before the configured
> > authentication protocol. AFAIK there is no way to disable MS-CHAP auth in
> > windows products, we ran into the same problem with having Cisco ISDN
> > CHAP customers and our regular user base (mostly windows).
>
> As much as I hate to agree with Microsoft on any point, I think this
> is reasonable. Barring explicit configuration, a client should indeed
> select a crypted algorithm (better from its point of view) over a
> non crypted one if it's given the choice!
>
> It's the PPP protocol that would have needed a different design, i.e.
> some LCP parameters getting negotiated after the username is known,
> not before.
But aren't there issues with the CHAP protocol in RADIUS? I.e., how
strong is security in the CHAP RADIUS implementation compared to the PAP
RADIUS information; because I remember our Systems group discussing that
CHAP had to have password or cryptokeys or something in clear text...
Maybe you can answer...
Cyril Jaouich [CJ837]
---------------------
AT&T Canada Internetworking specialist
--------------------------------------
Only 5055 hours before Y2K, will you be compliant?
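
Added example, not part of the original post and not Ascend or RADIUS server code: it works through the storage question raised above using the RFC 1994 CHAP response and the RFC 2865 User-Password hiding. The password, shared secret, challenge and the PBKDF2 storage scheme are constructed assumptions for illustration.

```python
import hashlib
import hmac

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: Response = MD5(Identifier || secret || Challenge)
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def verify_chap(stored_secret: bytes, ident: int, challenge: bytes, response: bytes) -> bool:
    # The server recomputes the same MD5, so it needs the secret itself on file.
    return hmac.compare_digest(chap_response(ident, stored_secret, challenge), response)

def hash_for_storage(password: bytes, salt: bytes) -> bytes:
    # Assumed one-way storage scheme for the PAP case (any password hash would do).
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)

def verify_pap(stored_hash: bytes, salt: bytes, received_password: bytes) -> bool:
    # PAP hands the server the password, so it can hash and compare.
    return hmac.compare_digest(hash_for_storage(received_password, salt), stored_hash)

def radius_hide(password: bytes, shared_secret: bytes, authenticator: bytes) -> bytes:
    # RFC 2865 User-Password hiding, first 16-byte block only (password <= 16 bytes).
    pad = hashlib.md5(shared_secret + authenticator).digest()
    return bytes(a ^ b for a, b in zip(password.ljust(16, b"\x00"), pad))

def radius_unhide(hidden: bytes, shared_secret: bytes, authenticator: bytes) -> bytes:
    pad = hashlib.md5(shared_secret + authenticator).digest()
    return bytes(a ^ b for a, b in zip(hidden, pad)).rstrip(b"\x00")

def demo() -> dict:
    # All values below are constructed sample data.
    password, nas_secret = b"constructed-pw", b"nas-secret"
    salt, challenge, ident = bytes(16), bytes(range(16)), 7
    authenticator = bytes(range(16, 32))
    stored_hash = hash_for_storage(password, salt)
    response = chap_response(ident, password, challenge)
    hidden = radius_hide(password, nas_secret, authenticator)
    recovered = radius_unhide(hidden, nas_secret, authenticator)
    return {
        # CHAP verifies only when the server keeps the recoverable password.
        "chap_with_plaintext": verify_chap(password, ident, challenge, response),
        "chap_with_hash_only": verify_chap(stored_hash, ident, challenge, response),
        # PAP verifies against a one-way hash; RADIUS masks it NAS-to-server.
        "pap_with_hash_only": verify_pap(stored_hash, salt, recovered),
        "pap_masked_on_radius_hop": hidden != password.ljust(16, b"\x00"),
    }

if __name__ == "__main__":
    print(demo())
```

The trade-off this shows: CHAP keeps the password off the dial-up link but forces the authentication server to store it in recoverable form, while PAP exposes it on the PPP link and lets the server keep only a hash.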