[pptp-server] PAP and encryption
Chuck Flink
cwf at att.net
Fri Feb 25 08:38:54 CST 2000
PAP results in your password passing in clear text over the Internet. NOT a good idea. It is supported for compatibility, but should be discouraged. It was OK in the dial-up world where a physical phone line tap would rarely be cost-effective. In the Internet, sniffing a passing packet is much easier to do. (Especially in a campus LAN environment!) CHAP is the preferred way to keep your password safe in the PPTP world. Further, if you want to use mppe, you need to use Microsoft's variation on CHAP in order to negotiate session keys.
Alternately, you could look into L2TP and IPsec.... which is where Microsoft is evolving to in Win2K (and possibly Win98ME ???)
Anyone: Is there a Linux version of L2TP around?
Another possible option is to look into Win2K to see if it can provide proxy radius services for you.... i.e. have PPTP work as designed for the Windows clients but have the radius clients proxy to NT instead of the the other way around.
----- Original Message -----
From: Neil McCarthy
To: list pptp
Sent: Friday, February 25, 2000 2:27 AM
Subject: [pptp-server] PAP and encryption
I have a requirement to use PAP authentication (as I am using PAM talking to a radius server, which is proxying to a token authentication ). I also however wish to then use encryption on the created tunnel - which seems to require CHAP authentication.
All the clients are Windows 98 or Windows NT.
Any ideas anyone?
Thanks
Neil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000225/cb0653ba/attachment.html>
More information about the pptp-server
mailing list