Radiator Server Documentation — v10.33.2

chap

CHAP action for CHAP authentication

Table of Contents
  • chap
  • Basic Syntax
  • Result

chap

Validates passwords using the Challenge-Handshake Authentication Protocol (CHAP). CHAP uses a challenge-response mechanism that avoids transmitting the password in cleartext.

Basic Syntax

@execute {
    backend {
        name "USERS";
        query "FIND_USER";
    }

    chap;
}

Result

The chap action produces the following pipeline results:

  • Accept: The challenge-response verification succeeds. Execution continues to the next action.
  • Reject: Authentication failed. This occurs when:
    • The user was not found (reason: "No such user"). Ensure the preceding backend action populates the user context.
    • The response does not match (reason: "Incorrect password").
  • Ignore: The request does not contain CHAP credentials. This allows combining chap with other authentication actions such as pap or mschapv2 in the same pipeline - the non-matching action is skipped.
Table of Contents
Navigation
Home

  • accept

  • all

  • any

  • append

  • assert

  • backend

  • challenge

  • chap

  • conditions

  • copy

  • count

  • debug

  • discard

  • each

  • eap

  • error

  • filter

  • first

  • hotp

  • http-basic-auth

  • if

  • ignore

  • invoke

  • log

  • map

  • message

  • modify

  • mschap

  • mschapv2

  • none

  • pap

  • reason

  • reject

  • reject_errors

  • replace

  • reply

  • rewrite

  • set

  • sleep

  • sometimes

  • stop

  • totp

  • trace

  • try

  • until

  • while

  • with

  • yubikey

Navigation
Home