Re: [Emerald] Authentication problem

Gulam Chagani ( (no email) )
Thu, 23 Mar 2000 22:15:04 +0300

Thanks for your help. All my windows users do NOT have "require encrypted
password" selected, but they still authenticate using CHAP. I suppose
deleting CHAP and SPAP keys from the registry on the RRAS server is the only
option that will force ALL users to come in with PAP.


----- Original Message -----
From: Josh Hillman <>
To: <>
Sent: Thursday, March 23, 2000 5:33 PM
Subject: Re: [Emerald] Authentication problem

> > From: <>
> > > I have found a registry key to force all users to use PAP, however I
> > > have the following concerns:
> > >
> > > 1. Do all clients support PAP, if CHAP and MS-CHAP are not available
> > > ? In a windows client, where exactly in DUN is the setting to use PAP
> Windows 95/98/NT4/2000 all support PAP and CHAP. If CHAP is not enabled,
> uses PAP (unless for some reason the user has a post-dial-up terminal
> pop up). In Win95/98 from within Dial-Up Networking, right-click on the
> connection profile, then click on "Server Types". CHAP corresponds to
> "Require encrypted password"--when that's not set, PAP is automatically
> used.
> In Windows NT 4, from within Dial-Up Networking, go into the connection
> properties and under the Security tab, the first entry ("accept any
> authentication including clear text") refers to PAP. The second option,
> "accept only encrypted authentication" refers to CHAP.
> I don't remember off-hand how Windows 2000 handles this, but I think it's
> almost the same as Windows 98.
> > > 2. What about non windows clients ? e.g mac or unix.
> These vary depending on the operating system. Even in cases where PAP may
> not be available, there's usually some old scripting method that will get
> the user logged on.
> Josh
> For more information about this list (including removal) go to:

For more information about this list (including removal) go to: