From: Bo Fussing
Date: Tue, 9 Jun 1998 09:55:51 +0800 (CST)
To: IBS / Andre Oppermann
cc: Andreas Klemm, isp@FreeBSD.ORG
Subject: Re: how does PPP CHAP work ?
In-Reply-To: <357BCA02.2F008019@pipeline.ch>

Hi,

If you are thinking of using CHAP because it is more secure - this is not really warranted unless you are worried that people are monitoring your phone lines. All terminal servers that support PAP will encrypt at least the password when transmitting a request to a RADIUS server, version 2.x of RADIUS does both user ID and password. If you are paranoid you can filter out the port that RADIUS runs on so only your terminal and RADIUS servers can talk to each other.

Another point of note, having worked on dial-in scripts for global roaming through hundreds of different POPs of various ISPs, I think it was only one provider that supported CHAP, the rest PAP. I think it is only the corporate world that uses CHAP and then there are more secure methods than that e.g. one time password generators....

Regards,

Bo Fussing
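
The two mechanisms the message compares, as an added example that is not part of the original message: User-Password hiding on the terminal-server-to-RADIUS leg as specified in RFC 2865 section 5.2, and the MD5-CHAP response of RFC 1994. The function names are hypothetical, and the secrets, password, authenticator and challenge are constructed sample values.

```python
import hashlib

def _md5(*parts: bytes) -> bytes:
    return hashlib.md5(b"".join(parts)).digest()

def radius_hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: hide User-Password on the NAS -> RADIUS server leg."""
    if not 1 <= len(password) <= 128 or len(request_auth) != 16:
        raise ValueError("password must be 1..128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        # Mask block = MD5(secret || previous ciphertext block, or the authenticator).
        mask = _md5(secret, prev)
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += prev
    return hidden

def radius_unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: reverse the hiding using the same shared secret."""
    if not hidden or len(hidden) % 16 or len(request_auth) != 16:
        raise ValueError("hidden value must be a non-empty multiple of 16 bytes")
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += bytes(c ^ m for c, m in zip(block, _md5(secret, prev)))
        prev = block
    return clear.rstrip(b"\x00")  # strip the null padding

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 MD5-CHAP: the peer sends MD5(ID || secret || challenge), never the secret."""
    return _md5(bytes([identifier]), secret, challenge)

# Constructed sample values, for illustration only.
NAS_SECRET = b"constructed-nas-secret"
REQUEST_AUTH = bytes(range(16))       # must be random and unique per request in practice
USER_PASSWORD = b"constructed-user-password"   # longer than one 16-byte block
CHALLENGE = bytes(range(100, 116))    # sent by the authenticator over the PPP link

if __name__ == "__main__":
    hidden = radius_hide_password(USER_PASSWORD, NAS_SECRET, REQUEST_AUTH)
    print("PAP password as carried in Access-Request:", hidden.hex())
    print("recovered by RADIUS server:", radius_unhide_password(hidden, NAS_SECRET, REQUEST_AUTH))
    print("CHAP response on the PPP link:", chap_response(1, USER_PASSWORD, CHALLENGE).hex())
```

The hiding covers only the User-Password attribute and rests entirely on the shared secret and on a fresh Request Authenticator per request.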