test

Solstice PPP 3.0.1 User's Guide

Security and Authentication

You need to take care when transmitting potentially confidential information over public telephone networks, and particularly when communicating on the Internet. The communication is not encrypted by the transmission media; therefore, anyone can tap into the network and read the information you send. However, you can use Sun security products, such as Solstice SunScreen or Solstice Firewall-1, to protect your network and encrypt the network traffic.

Solstice PPP supports three levels of authentication that are used by the server to prevent unauthorized clients from connecting to it:

Optionally, Solstice PPP can also be used in conjunction with third-party, dynamic challenge-response authentication products. Your system administrator or Internet provider will tell you which of these authentication methods are implemented by your server.

Standard UNIX Login Sequence

This is the simplest form of authentication, and is required by most implementations of PPP running on UNIX servers. Your system administrator or Internet provider will give you a PPP user id and password to use for the UNIX login.

Password Authentication Protocol (PAP)

The Password Authentication Protocol (PAP) is an optional authentication method that identifies the client based on its PAP id and PAP password. Your system administrator or Internet provider will give you a PAP id and password, if this feature is enabled on the remote server.

Challenge Handshake Authentication Protocol (CHAP)

The Challenge Handshake Authentication Protocol (CHAP) is an optional authentication method, which is more secure than PAP. CHAP identifies the client based on its CHAP id and a challenge value that is calculated from the CHAP secret. Your system administrator or Internet provider will give you a CHAP id and secret, if this feature is enabled on the remote server.

Dynamic Challenge-Response Authentication

Solstice PPP can be used in conjunction with third-party, dynamic challenge-response authentication products. These products issue a challenge value that requires a response from the user. This response is calculated dynamically based on the challenge value. Note that this is the only authentication method that controls the identity of the user rather than the identity of the client machine.

Solstice PPP uses interactive CHAT scripts, which are discussed in the next section, to support challenge-response authentication.