Password Authentication Protocol (PAP) involves a two-way handshake where the username and password are sent across the link in clear text. When PAP is enabled, the remote client attempting to connect to the access server is required to send an authentication request. If the username and password specified in the authentication request are accepted, the access server sends an authentication acknowledgment. Figure 6-3 shows the two-handshake process of PAP.

Figure 6-3 Two-Handshake Process of PAP

An example of a PAP authentication on a NAS follows:

Router(config-if)# ppp authentication pap

PAP provides no protection against playback and password attacks. Because the username and password cross the link in clear text, a protocol analyzer could easily capture the password. Although many vendors support PAP, CHAP is the preferred method of authentication because it is more secure.
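The two-way handshake described above can be followed byte by byte. The following is an added example, not part of the original text or any vendor's code: it builds and decodes PAP packets using the layout from RFC 1334 and shows that the password sits unmodified in the Authenticate-Request. The account name, password and function names are constructed for illustration.

```python
import hmac
import struct

AUTH_REQ, AUTH_ACK, AUTH_NAK = 1, 2, 3   # PAP codes (RFC 1334); PPP protocol 0xC023

def build_request(ident, peer_id, password):
    """Client: Authenticate-Request = header + len-prefixed Peer-ID and Password."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", AUTH_REQ, ident, 4 + len(data)) + data

def build_reply(code, ident, message=b""):
    """Server: Authenticate-Ack or Authenticate-Nak with a len-prefixed message."""
    return struct.pack("!BBH", code, ident, 5 + len(message)) + bytes([len(message)]) + message

def parse(packet):
    """Decode one PAP packet; raise ValueError on truncated or malformed input."""
    if len(packet) < 4:
        raise ValueError("short PAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 4 <= length <= len(packet):
        raise ValueError("bad Length field")
    body = packet[4:length]          # bytes past Length are padding
    if code == AUTH_REQ:
        if not body or len(body) < 2 + body[0]:
            raise ValueError("truncated Peer-ID")
        id_len = body[0]
        pw_len = body[1 + id_len]
        if len(body) < 2 + id_len + pw_len:
            raise ValueError("truncated Password")
        return {"code": code, "id": ident,
                "peer_id": body[1:1 + id_len],
                "password": body[2 + id_len:2 + id_len + pw_len]}
    if code in (AUTH_ACK, AUTH_NAK):
        if not body or len(body) < 1 + body[0]:
            raise ValueError("truncated Message")
        return {"code": code, "id": ident, "message": body[1:1 + body[0]]}
    raise ValueError("unknown PAP code")

def server_handle(packet, accounts):
    """Access server: compare the received clear-text password, answer Ack or Nak."""
    req = parse(packet)
    expected = accounts.get(req["peer_id"])
    ok = expected is not None and hmac.compare_digest(expected, req["password"])
    return build_reply(AUTH_ACK if ok else AUTH_NAK, req["id"])

# Constructed sample credentials, not taken from the page.
ACCOUNTS = {b"dialup1": b"Constructed-Pw1"}

if __name__ == "__main__":
    wire = build_request(1, b"dialup1", b"Constructed-Pw1")
    print(wire.hex(), parse(wire), parse(server_handle(wire, ACCOUNTS)))
```

Nothing in the request depends on a challenge or nonce, so the same bytes are valid on every attempt, which is why PAP cannot resist playback.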

