
PPP CHAP & TACACS+ packet flow details

famiglietti.m
Level 1

I know the packet flow when using CHAP without TACACS, and I know the TACACS packet flow, but I can't find anything documenting the actual authentication process when the two are combined. Here's a sample question I'm trying to sort out:

Router A dials Router B. Assuming default ppp authentication chap statement on both ends, either could attempt to initiate CHAP. Assume Router A sends the CHAP packet to Router B. Router A has to know the name of the remote router, so you still have to have the username definition in Router A for Router B, correct? (i.e., Router A can't go to the TACACS server and ask for the hash to send to Router B, can it?). As I understand it, Router B gets the hash, and sends it to the TACACS server for verification. The TACACS server sends back a yes or a no. How is this a three-way authentication then? And can Router B get away with not having any usernames defined?

Does anyone know of a good technical description of the authentication process when combining CHAP and TACACS+?

Thanks in advance.
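The CHAP exchange asked about above, as an added example that is not part of the original post: the three CHAP messages from RFC 1994 (Challenge, Response, Success/Failure), with the authenticator holding no local secret and asking a backend for a verdict. The `aaa_verify` function is a hypothetical stand-in for the AAA server, not the TACACS+ wire protocol, and the router name and secret are constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed sample data: the name and secret are illustrative only.
AAA_SECRETS = {"RouterA": b"constructed-shared-secret"}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: hash of Identifier || secret || Challenge value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def aaa_verify(name: str, identifier: int, challenge: bytes, response: bytes) -> bool:
    """Hypothetical AAA backend: it holds the secret and returns only pass/fail."""
    secret = AAA_SECRETS.get(name)
    if secret is None:
        return False
    expected = chap_response(identifier, secret, challenge)
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(expected, response)


def handshake(peer_name: str, peer_secret: bytes) -> str:
    """Run the three CHAP messages and return the final one."""
    # 1. Authenticator -> peer: Challenge (identifier plus a fresh random value).
    identifier = os.urandom(1)[0]
    challenge = os.urandom(16)
    # 2. Peer -> authenticator: Response, computed from the peer's own copy
    #    of the secret. The secret itself never crosses the link.
    response = chap_response(identifier, peer_secret, challenge)
    # The authenticator forwards name, identifier, challenge and response
    # to the backend and receives only a yes or a no.
    ok = aaa_verify(peer_name, identifier, challenge, response)
    # 3. Authenticator -> peer: Success or Failure.
    return "Success" if ok else "Failure"


if __name__ == "__main__":
    print(handshake("RouterA", b"constructed-shared-secret"))
    print(handshake("RouterA", b"wrong-secret"))
```
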

1 Reply

benhur.p
Level 1

If you have any update on this, can you post it on the forum? It would be useful for all.