| |
Using PAP or CHAP authentication also provides a method of remote system authentication. When the local system accepts an inbound on-demand connection, the remote system must be identifiable so the local system can reestablish the connection if it is terminated before the data transfer is complete. This is similar to asking telephone callers for their phone numbers, in case you need to call them back.
On-demand connections work reliably only if the called system can establish a return connection. This requires proper configuration of static routes and services, WAN call destinations, and network interface authentication at both ends of the connection. Therefore, if a called Novell Internet Access Server 4.1 system does not have the required configuration information necessary to reestablish a connection to the calling system, it does not accept the initial connection attempt.
For example, your router initiates an on-demand connection to a remote server on behalf of a local client workstation. After the connection is established, the client initiates a database search on the remote server. Before the database search is completed, the on-demand connection is terminated because an idle data-link timeout occurs. Later, when the response to the database search is eventually available, the remote server no longer has a connection to your router. The client operation fails unless the static routing database at the remote server contains the information needed to reestablish the connection. The remote server uses the router's system ID and static route information to reestablish the connection.
Because the ID strings used by PAP and CHAP authentication provide a peer system identification mechanism that solves this problem, PAP or CHAP authentication is required for on-demand connections. The local and remote system ID strings associated with PAP and CHAP authentication typically represent the NetWare server names of the local and remote NetWare Link/PPP connection peers.
| |