CHAP Authentication

The Oracle® Enterprise Session Border Controller initiates the authentication with an authentication START packet.

+-----------------------------------+
|           Common Header           |
|     minor_version contains 0x1    |
|         type contains 0x1         |
+--------+--------+--------+--------+
|action  |priv_lvl|authen_ |service |
|        |        |type    |        |
|  0x01  |  0x01  |  0x03  |  0x01  |
+--------+--------+--------+--------+
|user_len|port_len|rem_addr|data_len|
|        |        |_len    |        |
|    N   |    N   |    N   |    N   |
+--------+--------+--------+--------+
|                user               |
+-----------------------------------+
|                port               |
|               tty10               |
+-----------------------------------+
|              rem_addr             |
|         localhost address         |
+-----------------------------------+
|              data ...             |
+-----------------------------------+
  • The action field specifies the requested authentication action — 0x01 for TAC_PLUS_AUTHEN_LOGIN (authentication of a user login).
  • The priv_lvl field specifies the privilege level requested by the user — 0x01 for TAC_PLUS_PRIV_LVL_USER.
  • The authen_type field specifies the authentication methodology — 0x03 for TAC_PLUS_AUTHEN_TYPE_CHAP (CHAP login).
  • The service field specifies the requesting service — 0x01 for TAC_PLUS_AUTHEN_SVC_LOGIN (login service).
  • The user_len field contains the length, in octets, of the user field.
  • The port_len field contains the length, in octets, of the port field.
  • The rem_addr_len field contains the length, in octets, of the rem_addr field.
  • The data_len field contains the length, in octets, of the data field.
  • The user field contains the username to be authenticated.
  • The port field contains the name of the Oracle® Enterprise Session Border Controller port on which authentication is taking place. Following Cisco Systems convention, this field contains the string tty10.
  • The rem_addr field specifies the location of the user to be authenticated. This field contains the localhost address.
  • The data field contains the password to be authenticated.

The TACACS+ daemon returns an authentication REPLY reporting the authentication result.

+-----------------------------------+
|           Common Header           |
|     minor_version contains 0x1    |
|         type contains 0x1         |
+--------+--------+-----------------+
| status |  flags |  server_msg_len |
|  0x01  |        |        0        |
+--------+--------+-----------------+
|     data_len    |
|        0        |
+-----------------+
  • The status field specifies the authentication result — 0x01 for TAC_PLUS_AUTHEN_STATUS_PASS (authentication succeeds), or 0x02 for TAC_PLUS_AUTHEN_STATUS_FAIL (authentication fails).
  • The server_msg_len and data_len fields both contain a value of 0, as required by the TACACS+ protocol.
  • Other, optional fields are not used.
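
The START and REPLY body layouts diagrammed above, as an added Python example (not Oracle code) that packs and parses them and rejects bodies whose length fields disagree with their size. It assumes the body bytes only, with the 12-byte common header removed and any body obfuscation already undone; the function names and sample values are constructed for illustration.

```python
import struct

# Values taken from the field descriptions above.
ACTION_LOGIN, PRIV_LVL_USER, AUTHEN_TYPE_CHAP, SVC_LOGIN = 0x01, 0x01, 0x03, 0x01
STATUS = {0x01: "PASS", 0x02: "FAIL"}


def build_start_body(user: bytes, port: bytes, rem_addr: bytes, data: bytes) -> bytes:
    """Pack the START body: four fixed octets, four length octets, then the fields."""
    fields = (user, port, rem_addr, data)
    if any(len(f) > 255 for f in fields):
        raise ValueError("each field length must fit in one octet")
    fixed = bytes([ACTION_LOGIN, PRIV_LVL_USER, AUTHEN_TYPE_CHAP, SVC_LOGIN])
    return fixed + bytes(len(f) for f in fields) + b"".join(fields)


def parse_start_body(body: bytes) -> dict:
    """Unpack a START body, rejecting length octets that disagree with the body size."""
    if len(body) < 8:
        raise ValueError("START body shorter than its 8 fixed octets")
    action, priv_lvl, authen_type, service, *lens = body[:8]
    if 8 + sum(lens) != len(body):
        raise ValueError("length fields do not match body size")
    out = {"action": action, "priv_lvl": priv_lvl,
           "authen_type": authen_type, "service": service}
    pos = 8
    for name, n in zip(("user", "port", "rem_addr", "data"), lens):
        out[name] = body[pos:pos + n]
        pos += n
    return out


def parse_reply_body(body: bytes) -> dict:
    """Unpack a REPLY body: status, flags, then two 16-bit big-endian lengths."""
    if len(body) < 6:
        raise ValueError("REPLY body shorter than its 6 fixed octets")
    status, flags, server_msg_len, data_len = struct.unpack("!BBHH", body[:6])
    if 6 + server_msg_len + data_len != len(body):
        raise ValueError("length fields do not match body size")
    return {"status": STATUS.get(status, "OTHER"), "flags": flags,
            "server_msg_len": server_msg_len, "data_len": data_len}


# Constructed sample values; the user name, address and data bytes are placeholders.
SAMPLE_START = build_start_body(b"admin", b"tty10", b"127.0.0.1", b"\x00" * 4)
SAMPLE_REPLY = bytes([0x01, 0x00, 0x00, 0x00, 0x00, 0x00])
```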