Remote Access Server |
The Shiva Password Authentication Protocol (SPAP) is a reversible encryption mechanism employed by Shiva remote access servers. A Windows 2000 remote access client can use SPAP to authenticate itself to a Shiva remote access server. A remote access client running Windows 32-bit operating systems can use SPAP to authenticate itself to a Windows 2000 remote access server. SPAP is more secure than PAP but less secure than CHAP or MS-CHAP. SPAP offers no protection against remote server impersonation.
The use of SPAP is negotiated during LCP negotiation by specifying the authentication protocol LCP option (type 3) and the authentication protocol 0xC0-27. Once LCP negotiation is complete, SPAP messages use the PPP protocol ID of 0xC0-27.
Like PAP, SPAP is a simple exchange of messages: