Name

User-Password

Synopsis

Attribute Number

2

Length

18 to 130 octets

Value

STRING

Allowed in

Access-Request

Prohibited in

Access-Accept, Access-Reject, Access-Challenge

Presence in Packet

Required, unless CHAP-Password is present

Maximum Iterations

1

This attribute is designed to carry authentication information that a user provides in order to gain access to network services. Primarily, the content of this value will be an encrypted password, but sometimes it can be the response from an Access-Challenge packet sent to the client from the RADIUS server. Most commonly, the length of the value is 16 octets, which is the RFC minimum, but the RFC also permits the value of this attribute to span as long as 130 octets.

As mentioned in Chapter 1 and Chapter 2, the presence of the User-Password attribute typically indicates that the given transaction will use PAP authentication in lieu of CHAP. Refer to Chapter 2 for an explanation of the hiding and encrypting process used in PAP authentication.

Get RADIUS now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.