[pptp-server] PAP and encryption

Neil McCarthy neil.mccarthy2 at virgin.net
Sat Feb 26 10:10:00 CST 2000


I completely agree - unless your password is valid for only 1 minute, and you can only log in once in a minute (aka SecurID). Which is why I would like to be able to do encryption after PAP authentication. 

However, looks like I will need to investigate a different tunneling method.

Thanks

Neil
  ----- Original Message ----- 
  From: Chuck Flink 
  To: Neil McCarthy ; list pptp 
  Sent: Friday, February 25, 2000 2:38 PM
  Subject: Re: [pptp-server] PAP and encryption


  PAP results in your password passing in clear text over the Internet.  NOT a good idea.  It is supported for compatibility, but should be discouraged.  It was OK in the dial-up world where a physical phone line tap would rarely be cost-effective.  In the Internet, sniffing a passing packet is much easier to do.  (Especially in a campus LAN environment!)  CHAP is the preferred way to keep your password safe in the PPTP world.  Further, if you want to use mppe, you need to use Microsoft's variation on CHAP in order to negotiate session keys.

  Alternately, you could look into L2TP and IPsec.... which is where Microsoft is evolving to in Win2K (and possibly Win98ME ???)

  Anyone:  Is there a Linux version of L2TP around?

  Another possible option is to look into Win2K to see if it can provide proxy radius services for you.... i.e. have PPTP work as designed for the Windows clients but have the radius clients proxy to NT instead of the the other way around.
    ----- Original Message ----- 
    From: Neil McCarthy 
    To: list pptp 
    Sent: Friday, February 25, 2000 2:27 AM
    Subject: [pptp-server] PAP and encryption


    I have a requirement to use PAP authentication (as I am using PAM talking to a radius server, which is proxying to a token authentication ). I also however wish to then use encryption on the created tunnel - which seems to require CHAP authentication.

    All the clients are Windows 98 or Windows NT.

    Any ideas anyone?

    Thanks

    Neil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000226/673b66ab/attachment.html>


More information about the pptp-server mailing list