Zte ZXR10 2900E Series - Figure 5-20 Using PAP Mode for Identity Authentication

To Next Page

To Previous Page

Chapter5ServiceConguration

PAPisasimpleplaintextauthenticationmode.NASrequiresthesubscriberto

providetheusernameandpasswordandthesubscriberreturnsthesubscriber

informationintheformofplaintext.Theservercheckswhetherthissubscriber

isavailableandwhetherthepasswordiscorrectaccordingtothesubscriber

congurationandreturnsdifferentresponses.Thisauthenticationmodefeatures

poorsecurityandtheusernameandpasswordtransferredmaybeeasilystolen.

FortheprocessofusingthePAPmodeforidentityauthentication,seeFigure5-20.

Figure5-20UsingPAPModeforIdentityAuthentication

lChallengeHandshakeAuthenticationProtocol(CHAP)

CHAPisanencryptedauthenticationmodeandavoidsthetransmissionoftheuser’s

realpassworduponconnectionsetup.NASsendsarandomlygeneratedChallenge

stringtotheuser.TheuserencryptstheChallengestringbyusingtheuser’s

passwordandMD5algorithmandreturnstheusernameandencryptedChallenge

string(encryptedpassword).

TheserverusestheuserpassworditstoresandtheMD5algorithmtoencryptthe

Challengestring.ThenitcomparesthisChallengestringwiththeencryptedpassword

oftheserverandreturnsaresponseaccordingly.

FortheprocessofusingtheCHAPmodeforidentityauthentication,seeFigure5-21.

5-73

SJ-20130731155059-002|2013-11-27(R1.0)ZTEProprietaryandCondential

Other manuals for Zte ZXR10 2900E Series