MS-CHAP
Appearance
MS-CHAP is the Microsoft version of the Challenge-handshake authentication protocol, CHAP. The protocol exist in two versions, MS-CHAPv1 (defined in RFC 2433) and MS-CHAPv2 (defined in RFC 2759). MS-CHAPv2 was introducted with Windows 2000.
Compared with CHAP, MS-CHAP:
- is enabled by negotiating CHAP Algorithm 0x80 in LCP option 3, Authentication Protocol
- provides an authenticator-controlled password change mechanism
- provides an authenticator-controlled authentication retry mechanism
- defines failure codes returned in the Failure packet message field
MS-CHAPv2 provides mutual authentication between peers by piggybacking a peer challenge on the Response packet and an authenticator response on the Success packet.
References
- [RFC 1994] PPP Challenge Handshake Authentication Protocol (CHAP)
- [RFC 2433] MS-CHAPv1
- [RFC 2759] MS-CHAPv2