Jump to content

MS-CHAP

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by SHayter (talk | contribs) at 11:00, 7 November 2005 (Fixed RFC number + Changed Line to include full RFC title). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

MS-CHAP is the Microsoft version of the Challenge-handshake authentication protocol, CHAP. The protocol exist in two versions, MS-CHAPv1 (defined in RFC 2433) and MS-CHAPv2 (defined in RFC 2759). MS-CHAPv2 was introducted with Windows 2000.

Compared with CHAP, MS-CHAP:

  • is enabled by negotiating CHAP Algorithm 0x80 in LCP option 3, Authentication Protocol
  • provides an authenticator-controlled password change mechanism
  • provides an authenticator-controlled authentication retry mechanism
  • defines failure codes returned in the Failure packet message field

MS-CHAPv2 provides mutual authentication between peers by piggybacking a peer challenge on the Response packet and an authenticator response on the Success packet.

References

  • [RFC 1994] PPP Challenge Handshake Authentication Protocol (CHAP)
  • [RFC 2433] MS-CHAPv1
  • [RFC 2759] MS-CHAPv2