RFC 2548 (rfc2548) - Page 2 of 41
Microsoft Vendor-specific RADIUS Attributes
RFC 2548 Microsoft Vendor-specific RADIUS Attributes March 1999
2.1. Attributes for Support of MS-CHAP Version 1
2.1.1. Introduction
Microsoft created Microsoft Challenge-Handshake Authentication
Protocol (MS-CHAP) [4] to authenticate remote Windows workstations,
providing the functionality to which LAN-based users are accustomed.
Where possible, MS-CHAP is consistent with standard CHAP [5], and the
differences are easily modularized. Briefly, the differences between
MS-CHAP and standard CHAP are:
* MS-CHAP is enabled by negotiating CHAP Algorithm 0x80 in LCP
option 3, Authentication Protocol.
* The MS-CHAP Response packet is in a format designed for
compatibility with Microsoft Windows NT 3.5, 3.51 and 4.0,
Microsoft Windows95, and Microsoft LAN Manager 2.x networking
products. The MS-CHAP format does not require the authenticator
to store a clear-text or reversibly encrypted password.
* MS-CHAP provides an authenticator-controlled authentication
retry mechanism.
* MS-CHAP provides an authenticator-controlled password changing
mechanism.
* MS-CHAP defines an extended set of reason-for-failure codes,
returned in the Failure packet Message field.
The attributes defined in this section reflect these differences.
2.1.2. MS-CHAP-Challenge
Description
This Attribute contains the challenge sent by a NAS to a Microsoft
Challenge-Handshake Authentication Protocol (MS-CHAP) user. It
MAY be used in both Access-Request and Access-Challenge packets.
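A receiver-side check for this attribute, as an added example that is not part of the RFC text: it walks a RADIUS packet, finds the Microsoft Vendor-Specific attribute carrying MS-CHAP-Challenge, and rejects it when the lengths are inconsistent or the packet is not an Access-Request or Access-Challenge. The function names and the sample packet builder are constructed for illustration, the numeric codes come from RFC 2865 and the Microsoft vendor assignments, and only the first sub-attribute of each Vendor-Specific attribute is examined.

```python
import struct

# Values from RFC 2865 (packet codes, attribute 26) and RFC 2548 / IANA
# (Microsoft enterprise number 311, MS-CHAP-Challenge Vendor-Type 11).
ACCESS_REQUEST, ACCESS_CHALLENGE = 1, 11
VENDOR_SPECIFIC, MS_VENDOR_ID, MS_CHAP_CHALLENGE = 26, 311, 11


def iter_attributes(packet):
    """Yield (type, value) for each attribute after the 20-byte RADIUS header."""
    if len(packet) < 20:
        raise ValueError("shorter than RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad packet length")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        yield a_type, packet[pos + 2:pos + a_len]
        pos += a_len


def ms_chap_challenge(packet):
    """Return the MS-CHAP-Challenge bytes, or None if the attribute is absent."""
    for a_type, value in iter_attributes(packet):
        if a_type != VENDOR_SPECIFIC or len(value) < 6:
            continue
        (vendor_id,) = struct.unpack("!I", value[:4])
        v_type, v_len = value[4], value[5]
        if vendor_id != MS_VENDOR_ID or v_type != MS_CHAP_CHALLENGE:
            continue
        if v_len <= 2 or 4 + v_len > len(value):
            raise ValueError("bad Vendor-Length")
        if packet[0] not in (ACCESS_REQUEST, ACCESS_CHALLENGE):
            raise ValueError("MS-CHAP-Challenge in unexpected packet code")
        return value[6:4 + v_len]
    return None


def build(code, challenge):
    """Constructed sample packet (zeroed authenticator), for illustration only."""
    vsa = struct.pack("!IBB", MS_VENDOR_ID, MS_CHAP_CHALLENGE, 2 + len(challenge)) + challenge
    attr = bytes([VENDOR_SPECIFIC, 2 + len(vsa)]) + vsa
    return struct.pack("!BBH", code, 1, 20 + len(attr)) + bytes(16) + attr
```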
A summary of the MS-CHAP-Challenge Attribute format is shown below.
The fields are transmitted from left to right.
Zorn Informational