System Administration Guide: Network Services

What Happens During CHAP Authentication

CHAP authentication occurs in the following sequence.

Figure 22–2 CHAP Authentication Sequence

The following context describes the sequence that is
shown in the flow diagram.

  1. Two peers that are about to initiate communications agree on a secret to be used for authentication during negotiation of a PPP link.

  2. The administrators of both machines add the secret, CHAP user names, and other CHAP credentials to the /etc/ppp/chap-secrets database of their respective machines.

  3. The caller (authenticatee) calls the remote peer (authenticator).

  4. The authenticator generates a random number and an ID, and sends this data to the authenticatee as a challenge.

  5. The authenticatee looks up the peer's name and secret in its /etc/ppp/chap-secrets database.

  6. The authenticatee calculates a response by applying the MD5 computational algorithm to the secret and the peer's random number challenge. Then the authenticatee sends the results as its response to the authenticator.

  7. The authenticator looks up the authenticatee's name and secret in its /etc/ppp/chap-secrets database.

  8. The authenticator calculates its own figure by applying MD5 to the number that was generated as the challenge and the secret for the authenticatee in /etc/ppp/chap-secrets.

  9. The authenticator compares its results with the response from the caller. If the two numbers are the same, the peer has successfully authenticated the caller, and link negotiation continues. Otherwise the link is dropped.