System authentication

PPP connections with an iSeries™ server support several options for authenticating both remote clients dialing in to the iSeries, and connections to an ISP or other server that the iSeries is dialing.

The iSeries supports several methods for maintaining authentication information, ranging from simple validation lists on the iSeries that contain lists of authorized users and associated passwords, to support for RADIUS servers that maintain detailed authentication information for your network users. The iSeries also supports several options for encrypting user ID and password information, ranging from a simple password exchange to maceration support with CHAP-MD5. You can specify your preferences for system authentication, including a user ID and password used to validate the iSeries when dialing out, on the Authentication tab of the connection profile in iSeries Navigator.

CHAP-MD5
Challenge Handshake Authentication Protocol (CHAP-MD5) uses an algorithm (MD-5) to calculate a value that is known only to the authenticating system and the remote device.
EAP
Extensible Authentication Protocol (EAP) allows third-party authentication modules to interact with the PPP implementation.
PAP
Password Authentication Protocol (PAP) uses a two-way handshake to provide the peer system with a simple method to establish its identity.
RADIUS overview
Remote Authentication Dial In User Service (RADIUS) is an Internet standard protocol which provides centralized authentication, accounting and IP management services for remote access users in a distributed dial-up network.
Validation list
A validation list is used to store user ID and password information about remote users.

Parent topic: Plan PPP

Related reference

Scenario: Connect your iSeries server to a PPPoE access concentrator

Scenario: Authenticate dial-up connections with RADIUS NAS

Scenario: Manage remote user access to resources using Group Policies and IP filtering