Authentication in PPP

PPP can support  authentication operations at the  beginning of a connection. In some  cases reauthentication is also  possible  during  a session.  Endpoints negotiate authentication in the same manner as other options. Authentication is pee r to peer again without  distinction between calling and called parties. This allows either or both endpoints to request authentication credentials from each other. In fact the protocols  for passing  credentials may be differently  may be different for each endpoint. The default is no authentication required. However you can  configure you PPP  software to require it.

The authenticating state  of a PPP connection follows  the establishing  state if either  endpoint agrees tousle an authentication protocols. Otherwise  the connection  transitions immediately  to eh network  state skipping authentication steps altogether. The two common  authentication protocols authentication protocols are:

a.The password authentication protocols (PAP)

b.The challenge  handshake authentication protocols ( CHAP)

These  protocols  have  assigned  numbers and are arguments to the authentication protocols  options  PPP endpoints  include in LCP configure packets. As usual if one PPP endpoint requests  its peer to authenticate itself with a protocols  the peer doesn't understand the  peer  rejects it in an LCP  configure nak response. This endpoint may  propose another  protocols  its peer understand  or terminate the connection.

Each  authentication protocols  has well defined  procedures regarding the messages that endpoint must  send and receive during the authenticating state.  Besides PSP  and CHAP there are  other extensible authentication protocols  in development  and there exists several proprietary protocols  as well.