PAP
PAP (Password Authentication Protocol) is a protocol that allows unencrypted name and password authentication for access to a specific server.
Principle of operation
PAP is mainly used to provide remote access on older UNIX-based servers, which do not support other similar protocols. PAP is considered an insecure protocol because the login/password pair is transmitted in plain text and can be easily read.
The protocol involves two systems. One is the remote computer and the other is the data validation system. The remote computer submits the information, and the second system checks it against the access control database. After successful validation, the user of the first system gains access to the network.
Data validation using PAP is initiated by sending an LCP packet that contains the hexadecimal protocol number of PAP. PAP packets are then exchanged. There are 3 PAP packets:
- Request – authentication request. The party being authenticated sends its data to the verifying party. The request can be repeated many times until an acknowledgement is received or the timer runs out.
- Ack – confirmation.
- Nak – rejection.
Acknowledgement or denial packets contain result information and message length in bytes. The result information is not regulated and can be of any type.
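The packet layout described above, as an added example that is not part of the original page: a Python sketch that builds and parses the three PAP packets using the field layout from RFC 1334, showing that the name and password sit unencrypted in the Request. The function names and the sample credentials are constructed for illustration.

```python
import struct

# PPP protocol number of PAP (RFC 1334) and the LCP Authentication-Protocol
# option that carries it: type 3, length 4, value 0xC023.
PAP_PROTOCOL = 0xC023
LCP_AUTH_OPTION = bytes([3, 4]) + struct.pack("!H", PAP_PROTOCOL)
CODES = {1: "Request", 2: "Ack", 3: "Nak"}  # PAP packet codes

def build_request(ident, peer_id, password):
    """Request: Code, Identifier, Length, then two length-prefixed fields."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(data)) + data

def build_reply(code, ident, message):
    """Ack (2) or Nak (3): header, Msg-Length byte, free-form message."""
    data = bytes([len(message)]) + message
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def _field(buf, off):
    """Read one length-prefixed field; reject lengths that overrun the packet."""
    if off >= len(buf):
        raise ValueError("missing length byte")
    end = off + 1 + buf[off]
    if end > len(buf):
        raise ValueError("field overruns packet")
    return buf[off + 1:end], end

def parse_pap(packet):
    """Parse one PAP packet into a dict of its fields."""
    if len(packet) < 4:
        raise ValueError("short header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in CODES or length < 4 or length > len(packet):
        raise ValueError("bad code or length")
    body = packet[4:length]  # ignore any padding after Length
    out = {"type": CODES[code], "id": ident}
    if code == 1:
        out["peer_id"], off = _field(body, 0)
        out["password"], _ = _field(body, off)  # plain bytes, no encryption
    else:
        out["message"], _ = _field(body, 0)
    return out

# Constructed sample exchange (not captured traffic).
SAMPLE_REQUEST = build_request(7, b"alice", b"s3cret-example")
SAMPLE_NAK = build_reply(3, 7, b"Login incorrect")

if __name__ == "__main__":
    for pkt in (SAMPLE_REQUEST, SAMPLE_NAK):
        print(pkt.hex(), parse_pap(pkt))
```

The hex dump of the Request contains the ASCII bytes of the name and password unchanged, which is why PAP should only run inside an already encrypted channel.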