VDict mobile



networking (PAP) An authentication scheme used by PPP
servers to validate the identity of the originator of the
connection.
PAP applies a two-way handshaking procedure. After the link
is established the originator sends an id-password pair to the
server. If authentication succeeds the server sends back an
acknowledgement; otherwise it either terminates the connection
or gives the originator another chance.
PAP is not a strong authentication method. Passwords are sent
over the circuit "in the clear" and there is no protection
against playback or repeated "trial and error" attacks. The
originator is in total control of the frequency and timing of
the attempts. Therefore, any server that can use a stronger
authentication method, such as CHAP, will offer to negotiate
that method prior to PAP. The use of PAP is appropriate,
however, if a plaintext password must be available to
simulate a login at a remote host.
PAP is defined in RFC 1334.
(1996-03-23)