USRobotics NETServer/8 User Manual
Page 85
LAN-to-LAN Routing 6-11
A CHAP Challenge Example
At the Corporate site is a NETServer with the Sysname of
NETSERVE. A typical authentication might resemble the
following:
1.
A remote NETServer establishes a connection and negoti-
ates for an authentication procedure.
2.
NETSERVE becomes responsible for issuing a CHAP
challenge. Inside that challenge is a User Name string
containing the name NETSERVE and the random challenge
string LASDFH;LASD.
3.
When the remote NETServer receives the challenge, it
checks its local User Table for the entry NETSERVE.
4.
Finding the entry, the remote NETServer learns the shared
secret password CHAP_PW and passes the string
CHAP_PWLASDFH;LASD through MD5.
5.
MD5 forms a response which the remote NETServer sends
back to NETSERVE. Contained within the response is a
User Name containing the Sysname of the remote
NETServer.
6.
NETSERVE then looks in the User Table for the name of the
remote NETServer, and uses the password and the challenge
string to validate the CHAP response received from the
remote NETServer.
7.
If the password comparison is successful, NETSERVE will
then send a CHAP successful message back to the remote
NETServer and the connection is complete. If the MD5
comparison fails, a CHAP failure message is sent to the
remote NETServer and the process repeats.