PAP or CHAP implementation

Peter Sprenger sprenger at
Fri May 5 19:09:24 CEST 2017


I have implemented an embedded client that sends authentication
requests either with User-Password (Attr Type 2) or CHAP-Password
(Attr Type 3). This works perfectly, the requests are accepted or
rejected from FreeRadius.

1. But how is User-Password (Attr Type 2) declared? Is this PAP? It
don't seems so, since in all descriptions PAP means plain text, and
the  User-Password  is  MD5'ed  with  random  authenticator and shared
secret. How to label this authentication for the client user?

2. When I use CHAP-Password (Attr Type 3) in the request it works
without problems. But shouldn't this attribute part of a Challenge
Response? How can I activate that?

Since I wrote my own client, I want a clean implementation and make no

Best Regards,




Moving Bytes Communications, Systementwicklung GmbH
Geschäftsführer Peter Sprenger
D-50226 Frechen
Registergericht: Amtsgericht Köln, HRB 30047
Ust-IDNr.: DE195140727

Tel.: +49/2234/430-9207
Fax.: +49/2234/430-9205
Email: sprenger at

More information about the Freeradius-Users mailing list