[pptp-server] PAP and encryption

Chuck Flink cwf at att.net
Fri Feb 25 08:38:54 CST 2000


PAP results in your password passing in clear text over the Internet.  NOT a good idea.  It is supported for compatibility, but should be discouraged.  It was OK in the dial-up world where a physical phone line tap would rarely be cost-effective.  In the Internet, sniffing a passing packet is much easier to do.  (Especially in a campus LAN environment!)  CHAP is the preferred way to keep your password safe in the PPTP world.  Further, if you want to use mppe, you need to use Microsoft's variation on CHAP in order to negotiate session keys.

Alternately, you could look into L2TP and IPsec.... which is where Microsoft is evolving to in Win2K (and possibly Win98ME ???)

Anyone:  Is there a Linux version of L2TP around?

Another possible option is to look into Win2K to see if it can provide proxy radius services for you.... i.e. have PPTP work as designed for the Windows clients but have the radius clients proxy to NT instead of the the other way around.
  ----- Original Message ----- 
  From: Neil McCarthy 
  To: list pptp 
  Sent: Friday, February 25, 2000 2:27 AM
  Subject: [pptp-server] PAP and encryption


  I have a requirement to use PAP authentication (as I am using PAM talking to a radius server, which is proxying to a token authentication ). I also however wish to then use encryption on the created tunnel - which seems to require CHAP authentication.

  All the clients are Windows 98 or Windows NT.

  Any ideas anyone?

  Thanks

  Neil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000225/cb0653ba/attachment.html>


More information about the pptp-server mailing list