 |
 |
 |
|
|
|
|
|
|
PAP is a simple method where the remote node establishes its identity using a "two-way handshake." The remote tries to log in, and if the User Name/Password pair are correct, the host acknowledges the remote. With this method, all handshaking is done only when the Data Link is established.
PAP is not a robust authentication protocol. Passwords are sent across the link in plain text and there is no protection from someone recording the User Name/Password pair during the initial handshaking. Also, if the Passwords chosen are not very "strong" (i.e., User Name = username, Password = password), an intruder may be able to just guess the correct combination.