Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) is the Microsoft version of CHAP and is an extension of RFC 1994. Like the standard version of CHAP, MS-CHAP is used for PPP authentication; in this case, authentication occurs between a PC using Microsoft Windows NT or Microsoft Windows 95 and a Cisco router or access server acting as a NAS.

MS-CHAP differs from the standard CHAP as follows:

• MS-CHAP is enabled by negotiating CHAP algorithm 0x80 in Link Control Protocol (LCP) option 3 (Authentication Protocol).

• The MS-CHAP response packet is in a format designed to be compatible with Windows. This format does not require the authenticator to store a clear or reversibly encrypted password.

• MS-CHAP provides an authenticator-controlled authentication retry mechanism.

• MS-CHAP provides an authenticator-controlled change-password mechanism.

• MS-CHAP defines a set of reason-for-failure codes returned in the failure packet's Message field.

0 0

Post a comment