authentication/CHAP - PPP

This is a discussion on authentication/CHAP - PPP ; Hello, I'm seeing a PPP implementation send out an IPCP config request BEFORE the peer ever sends a CHAP challenge. Both peers agreed to use CHAP MD5 during the LCP negotiation. The authentication does work but this struck me as ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: authentication/CHAP

  1. authentication/CHAP

    Hello,

    I'm seeing a PPP implementation send out an IPCP config request BEFORE
    the peer ever sends a CHAP challenge. Both peers agreed to use CHAP
    MD5 during the LCP negotiation. The authentication does work but this
    struck me as strange. I suspect the peer sending the CHAP challenge
    simply ignores the IPCP packet it receives? I see that some PPP
    implementations can send out a CHAP challenge at certain intervals
    during the connection so is the behavior I'm seeing invalid or just
    unusual? If it's "legal" are there any ramifications?

    Regards,

    Steve

  2. Re: authentication/CHAP

    bostonbear@yahoo.com (Steven) writes:
    > I'm seeing a PPP implementation send out an IPCP config request BEFORE
    > the peer ever sends a CHAP challenge. Both peers agreed to use CHAP
    > MD5 during the LCP negotiation.


    That's broken. I hope the peer silently ignores it.

    > The authentication does work but this
    > struck me as strange. I suspect the peer sending the CHAP challenge
    > simply ignores the IPCP packet it receives?


    It'd better. It's in Authentication Phase at that point; see RFC 1661
    section 3.5.

    > I see that some PPP
    > implementations can send out a CHAP challenge at certain intervals
    > during the connection so is the behavior I'm seeing invalid or just
    > unusual? If it's "legal" are there any ramifications?


    It's invalid. The peer sending IPCP during Authentication Phase is
    simply broken.

    Yes, you can rechallenge with CHAP, but that happens after getting
    past Authentication Phase.

    --
    James Carlson, IP Systems Group
    Sun Microsystems / 1 Network Drive 71.234W Vox +1 781 442 2084
    MS UBUR02-212 / Burlington MA 01803-2757 42.497N Fax +1 781 442 1677

+ Reply to Thread