Filter
Top Products
Managing Access Server Security 22-33
Managing Dial-Up Access Security with AUTOLINK and AUTOLINK Authentication
Enabling AUTOLINK Authentication
If you want authenticated logins, you must separately configure the port to require
AUTOLINK AUTHENTICATION. The authentication can be by PPP PAP, PPP
CHAP, or interactively by terminal emulation (which could be a script). The PC client
is required to provide one authentication. SLIP users are treated as if they are
character-cell users.
Once authentication is successful, the protocol identified by AUTOLINK (PPP, SLIP,
or local login) starts.
Example: Enabling AUTOLINK Authentication
The following example shows how to enable AUTOLINK authentication:
Local> DEFINE PORT AUTOLINK AUTHENTICATION ENABLE
The SHOW PORT CHARACTERISTICS command shows AUTOLINK
authentication enabled in the ENABLED CHARACTERISTICS section.
Specifying an Authentication Method
The following table describes the authentication method used when you enable
AUTOLINK AUTHENTICATION and specify an LCP authentication method, and an
interactive authentication was not already performed prior to LCP negotiation.
LCP
Authentication
Results
PAP USERNAME PC clients that connect immediately using PPP will be
authenticated using PPP PAP authentication.
This setting is required when you use Kerberos or
SecurID authentication. For Kerberos authentication,
you must set the Kerberos realm default ACCESS to
NONE.
For other forms of authentication, such as RADIUS,
CHAP USERNAME may be used.
If you user the PAP NOUSERNAME options with the
PORT LCP AUTHENTICATION command, the
login fails.
Disabled PC clients that connect immediately using PPP will be
authenticated using either CHAP or PAP
authentication. If the LCP negotiation for CHAP is not
acknowledged, the DECserver requires PPP PAP
authentication.