Share via


Phase 2: PPP User Authentication (Windows Embedded CE 6.0)

1/6/2010

In the second phase, the client computer presents the user's credentials to the remote access server. An authentication scheme that uses industry-standard security technologies helps protect your data against replay attacks and remote client impersonation.

Note

A replay attack occurs when a third party monitors a successful connection and uses captured packets to play back the remote client's response so that it can gain an authenticated connection. Remote client impersonation occurs when a third party takes over an authenticated connection. The intruder waits until the connection has been authenticated and then traps the conversation parameters, disconnects the authenticated user, and takes control of the authenticated connection.

Most implementations of PPP provide limited authentication methods, typically Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), and Microsoft Challenge Handshake Authentication Protocol (Microsoft CHAP).

During Phase 2 of PPP link configuration, the NAS collects the authentication data and then validates the data against its own user database or against a central authentication database server, such as one maintained by a Windows NT® Primary Domain Controller (PDC) or a Remote Authentication Dial-In User Service (RADIUS) server.

See Also

Concepts

Creating a PPP Dial-up Session
PPP Authentication Protocols