Date: Tue, 9 Jun 1998 09:55:51 +0800 (CST) From: Bo Fussing <bmf@gateway.net.hk> To: IBS / Andre Oppermann <andre@pipeline.ch> Cc: Andreas Klemm <aklemm@hightek.com>, isp@FreeBSD.ORG Subject: Re: how does PPP CHAP work ? Message-ID: <Pine.LNX.3.96.980609094344.9427C-100000@gate.gateway.net.hk> In-Reply-To: <357BCA02.2F008019@pipeline.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, If you are thinking of using CHAP because it is more secure - this is not really warranted unless you are worried that people are monitoring your phone lines. All terminal servers that support PAP will encrypt at least the password when transmitting a request to a RADIUS server, version 2.x of RADIUS does both user ID and password. If you are paranoid you can filter out the port that RADIUS runs on so only your terminal and RADIUS servers can talk to each other. Another point of note, having worked on dial-in scripts for global roaming through hundreds of different POPs of various ISPs, I think it was only one provider that supported CHAP, the rest PAP. I think it is only the corporate world that uses CHAP and then there are more secure methods than that e.g. one time password generators.... Regards, Bo Fussing To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.96.980609094344.9427C-100000>