|MS-CHAP, Microsoft PPP CHAP Extensions|
|Type:||PPP link control protocol.|
MS-CHAP is used to periodically authenticate the identity of the peer.
MS-CHAP version 1 is enabled by negotiating CHAP Algorithm 0x80 in LCP option 3.
MS-CHAP version 2 is enabled by negotiating CHAP Algorithm 0x81 in LCP option 3.
This document describes Microsoft's PPP CHAP dialect (MS-CHAP), which extends the user authentication functionality provided on Windows networks to remote workstations. MS-CHAP is closely derived from the PPP Challenge Handshake Authentication Protocol (CHAP).
Microsoft created MS-CHAP to authenticate remote Windows workstations, providing the functionality to which LAN-based users are accustomed while integrating the encryption and hashing algorithms used on Windows networks.
Where possible, MS-CHAP is consistent with standard CHAP. Briefly, the differences between MS-CHAP and standard CHAP are:
- The MS-CHAP Response packet is in a format designed for compatibility with Microsoft's Windows NT 3.5, 3.51 and 4.0, and Windows95 networking products. The MS-CHAP format does not require the authenticator to store a clear-text or reversibly encrypted password.
- MS-CHAP provides authenticator-controlled authentication retry and password changing mechanisms.
- MS-CHAP defines a set of reason-for-failure codes returned in the Failure packet Message field.
[RFC 2433] Microsoft PPP CHAP Extensions.
[RFC 2759] Microsoft PPP CHAP Extensions, Version 2.