点对点协议 (PPP) 基本上使用身份验证方法来简单地识别和确定远程设备。还需要身份验证以保护两个端点之间的通信。身份验证基本上是一个检查和验证用户详细信息的过程,只是为了识别用户并允许访问系统和所有资源。
PPP 认证通常需要两种方法。这些方法如下:
1. 密码认证协议(PAP):
它为远程节点提供了一种简单易行的方法,只需建立和开发其身份以及双向链接。这些通常用于公共 FTP 站点和其他公共区域。
2. 质询握手认证协议(CHAP):
CHAP 基本上是一种加密身份验证方法,用于验证对等方的身份。它还使用加密算法来传递身份验证数据以保护它免受黑客攻击。它在互联网上被广泛使用。
PAP 和 CHAP 的区别:
Password Authentication Protocol | Challenge Handshake Authentication Protocol |
---|---|
It is a two-step process to verify the identity of the client. | It is a three-step process of exchange of a shared secret. |
Authentication is only requested at the initial time of establishment of link or connection. | Authentication is requested at the initial time of establishment of link or connection and can also be requested after the establishment of link or connection. |
This protocol is less secured implementation as actual passwords are transmitted without any encryption code or pattern through the link. | This protocol is highly secure in implementation as the actual password is never transmitted through the link. |
In this, both the user name and passwords are transmitted through the link. | In this, only the username is transmitted through the link. |
Unencrypted usernames and Passwords are usually transmitted in plain text. | Encrypted username and password are usually transmitted in this type of authentication. |
It also allows point to point protocol to validate users i.e. to check and verify the users. | It is a communication protocol that simply authenticates a user or a network host to an authentication entity. |
It does not provide protection and prevention from trial and error attacks. | It effectively provides protection and prevention from trial and error attacks. |
It cannot do repeated midsession authentications. | It can also do repeated midsession authentications. |
Its usage has been decreased due to security issues. | It is used by remote users, routers, and NASs simply to provide authentication before connectivity. |
In PAP, Authentication is done only at the caller side or client side. | In CHAP, Authentication is done at both of the sides. |