USRobotics NETServer/8 User Manual

6-10 LAN-to-LAN Routing

•

A “challenge value” (a randomly generated string of
characters)

The challenged system then concatenates the challenge value
with the shared secret and passes the new string through a
hashing algorithm. When the hashing algorithm has formed a
response based on this string, the challenged system replies with
a packet containing both the response value and a user name.

The authenticating host looks up the correct password for the
user name received and then performs the same calculations the
client performed, comparing the result to the response value
received. If the results match, the challenged system is allowed
to pass through. However, the authenticating host can issue
additional CHAP challenges at any time during the connection.

Note:

both ends of the connection must be using the same

hashing algorithm for the connection to succeed. The
NETServer uses an algorithm called MD5.

CHAP Setup for the NETServer

Because both sides of a CHAP connection need to look up a
password, each side requires a user table entry for the other
system. Note that each of these user table entries must have a
password and the passwords must be identical.

•

Whether dialing in or authenticating, the NETServer puts its
Sysname in the user name field. This means that the remote
system must have a user table entry with this user name.

•

The NETServer must have a (network user) user table entry
for the user name the remote system sends. Note that if the
remote device is another NETServer, it will be sending its
Sysname.

•

These user table entries must not be configured as dialback
users.