System authentication

PPP connections with a System i™ platform support several options for authenticating both remote clients dialing in to the system and connections to an ISP or another system that the system is dialing to.

The system supports several methods for maintaining authentication information, ranging from simple validation lists on the system that contain lists of authorized users and associated passwords to support for Remote Authentication Dial In User Service (RADIUS) servers that maintain detailed authentication information for your network users. The system also supports several options for encrypting user ID and password information, ranging from a simple password exchange to support with Challenge Handshake Authentication Protocol (CHAP-MD5). You can specify your preferences for system authentication, including a user ID and password to validate the system when dialing out, on the Authentication tab of the connection profile in iSeries™ Navigator.

• Challenge Handshake Authentication Protocol with MD5
  Challenge Handshake Authentication Protocol (CHAP-MD5) uses an algorithm (MD-5) to calculate a value that is known only to the authenticating system and the remote device.

• Extensible Authentication Protocol
  Extensible Authentication Protocol (EAP) enables third-party authentication modules to interact with the PPP implementation.

• Password Authentication Protocol
  Password Authentication Protocol (PAP) uses a two-way handshake to provide the peer system with a simple method to establish its identity.

• Remote Authentication Dial In User Service overview
  Remote Authentication Dial In User Service (RADIUS) is an Internet standard protocol that provides centralized authentication, accounting and IP management services for remote access users in a distributed dial-up network.

• Validation list
  A validation list is used to store user ID and password information about remote users.

Parent topic: