CHAP Authentication
The Oracle® Enterprise Session Border Controller initiates the authentication with an authentication START packet.
+-----------------------------------+
|           Common Header           |
|    minor_version contains 0x1     |
|         type contains 0x1         |
+--------+--------+--------+--------+
|action  |priv_lvl|authen_ |service |
|        |        |type    |        |
|  0x01  |  0x01  |  0x03  |  0x01  |
|--------+--------+--------+--------+
|user_len|port_len|rem_addr|data_len|
|        |        |_len    |        |
|   N    |   N    |   N    |   N    |
+--------+--------+--------+--------+
|               user                |
+-----------------------------------+
|               port                |
|               tty10               |
+-----------------------------------+
|             rem_addr              |
|         localhost address         |
+-----------------------------------+
|             data ...              |
+-----------------------------------+
- The action field specifies the requested authentication action — 0x01 for TAC_PLUS_AUTHEN_LOGIN (authentication of a user login).
- The priv_lvl field specifies the privilege level requested by the user — 0x01 for TAC_PLUS_PRIV_LVL_USER.
- The authen_type field specifies the authentication methodology — 0x03 for TAC_PLUS_AUTHEN_TYPE_CHAP (CHAP login).
- The service field specifies the requesting service — 0x01 for TAC_PLUS_AUTHEN_SVC_LOGIN (login service).
- The user_len field contains the length, in octets, of the user field.
- The port_len field contains the length, in octets, of the port field.
- The rem_addr_len field contains the length, in octets, of the rem_addr field.
- The data_len field contains the length, in octets, of the data field.
- The user field contains the username to be authenticated.
- The port field contains the name of the Oracle® Enterprise Session Border Controller port on which authentication is taking place. Following Cisco Systems convention, this field contains the string tty10.
- The rem_addr field specifies the location of the user to be authenticated. This field contains the localhost address.
- The data field contains the password to be authenticated.
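The START body layout above, as an added Python example that is not from Oracle's documentation or product code: it serializes the body and parses it back, rejecting any body whose length octets disagree with its actual size. It assumes the common header has already been removed and the body is not obfuscated; the function names, 127.0.0.1 as the localhost address and the sample values are assumptions.

```python
import struct

# Fixed 8-octet prefix of the START body: action, priv_lvl, authen_type,
# service, user_len, port_len, rem_addr_len, data_len (one octet each).
FIXED = struct.Struct("!8B")
FIELDS = ("user", "port", "rem_addr", "data")


def build_start_body(user, port=b"tty10", rem_addr=b"127.0.0.1", data=b""):
    """Serialize a CHAP login START body with the field values listed above."""
    parts = (user, port, rem_addr, data)
    if any(len(p) > 255 for p in parts):
        raise ValueError("each variable field must fit a one-octet length")
    # 0x01 login action, 0x01 user privilege, 0x03 CHAP, 0x01 login service.
    head = FIXED.pack(0x01, 0x01, 0x03, 0x01, *(len(p) for p in parts))
    return head + b"".join(parts)


def parse_start_body(body):
    """Parse a START body; reject length fields that disagree with its size."""
    if len(body) < FIXED.size:
        raise ValueError("body shorter than the 8-octet fixed part")
    action, priv_lvl, authen_type, service, *lens = FIXED.unpack_from(body)
    # A receiver must not trust the length octets: they have to account for
    # every octet of the body, no more and no fewer.
    if FIXED.size + sum(lens) != len(body):
        raise ValueError("length fields do not match body size")
    out = {"action": action, "priv_lvl": priv_lvl,
           "authen_type": authen_type, "service": service}
    offset = FIXED.size
    for name, n in zip(FIELDS, lens):
        out[name] = body[offset:offset + n]
        offset += n
    return out


if __name__ == "__main__":
    # Constructed sample values, not taken from a real capture.
    sample = build_start_body(b"admin", data=b"\x01" + b"\xaa" * 16)
    print(parse_start_body(sample))
```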
The TACACS+ daemon returns an authentication REPLY reporting the authentication result.
+-----------------------------------+
|           Common Header           |
|    minor_version contains 0x1     |
|         type contains 0x1         |
+--------+--------+-----------------+
| status | flags  | server_msg_len  |
|  0x01  |        |        0        |
|--------+--------+-----------------+
|    data_len     |
|        0        |
+-----------------+
- The status field specifies the authentication result — 0x01 for TAC_PLUS_AUTH_STATUS_PASS (authentication succeeds), or 0x02 for TAC_PLUS_AUTH_STATUS_FAIL (authentication fails).
- The server_msg_len and data_len fields both contain a value of 0, as required by the TACACS+ protocol.
- Other, optional fields are not used.