3.1.1 Abstract Data Model

This section describes a conceptual model that an implementation can maintain to participate in this protocol. The described organization is provided to facilitate the explanation of how the protocol behaves. This specification does not mandate that an implementation adhere to this model as long as the external behavior of the implementation is consistent with the behavior that is described in this document.

The EAP-CHAP peer and server participating in this protocol must maintain the following variables.

PeerChallenge: A 16-octet random number generated by the peer and used in the generation of NT Response ([RFC2759] section 4), Master Session Key (section 3.1.5.1), and AuthenticatorResponse ([RFC2759] section 5).

AuthenticatorChallenge: A 16-octet random number generated by the EAP server and used in the generation of NT Response ([RFC2759] section 4), Master Session Key (section 3.1.5.1), and AuthenticatorResponse ([RFC2759] section 5).

Username: A 0-256 octet string formed by using the system active ANSI code page as specified in [MS-UCODEREF] section 2.2.1, and used in the generation of NT Response ([RFC2759] section 4), Master Session Key (section 3.1.5.1), and AuthenticatorResponse ([RFC2759] section 5).

Password: A 0-256 Unicode string (generated using Normalization Form C [UNICODE5.0.0/2007]), used in the generation of NT Response ([RFC2759] section 4), Master Session Key (section 3.1.5.1), and AuthenticatorResponse ([RFC2759] section 5). The Password could belong to a user or a machine, and is obtained through an implementation-specific mechanism.

fUseWinLogonCreds: A Boolean flag (configured through the LogonCreds flag as specified in [MS-GPWL] section 2.2.3.1.3) indicating whether Username and Password are obtained from the context of the currently logged-on user.
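The following added example (not part of this specification or of any Microsoft implementation) sketches the data model in Python: it enforces the stated lengths and encodings and feeds PeerChallenge, AuthenticatorChallenge and Username into ChallengeHash() from [RFC2759] section 8.2, the first step of NT Response generation. The helper names, the `cp1252` stand-in for the system active ANSI code page, and counting the password limit in UTF-16 code units are assumptions.

```python
import hashlib
import secrets
import unicodedata

CHALLENGE_LEN = 16  # octets, for both PeerChallenge and AuthenticatorChallenge


def new_challenge() -> bytes:
    """Fresh 16-octet challenge drawn from the OS CSPRNG."""
    return secrets.token_bytes(CHALLENGE_LEN)


def encode_username(name: str, ansi_codec: str = "cp1252") -> bytes:
    """Username octets. ansi_codec is an assumption standing in for the
    system active ANSI code page; unmappable characters raise an error
    instead of being silently replaced."""
    octets = name.encode(ansi_codec, errors="strict")
    if len(octets) > 256:
        raise ValueError("Username exceeds 256 octets")
    return octets


def normalize_password(password: str) -> bytes:
    """Apply Normalization Form C, then encode as UTF-16LE for hashing."""
    octets = unicodedata.normalize("NFC", password).encode("utf-16-le")
    if len(octets) // 2 > 256:  # assumption: limit counted in UTF-16 code units
        raise ValueError("Password exceeds 256 Unicode characters")
    return octets


def challenge_hash(peer_challenge: bytes, authenticator_challenge: bytes,
                   username: bytes) -> bytes:
    """ChallengeHash() from RFC 2759 section 8.2: the first 8 octets of
    SHA1(PeerChallenge || AuthenticatorChallenge || UserName)."""
    for label, value in (("PeerChallenge", peer_challenge),
                         ("AuthenticatorChallenge", authenticator_challenge)):
        if len(value) != CHALLENGE_LEN:
            raise ValueError(f"{label} must be exactly {CHALLENGE_LEN} octets")
    digest = hashlib.sha1(peer_challenge + authenticator_challenge + username)
    return digest.digest()[:8]


# Sample input: the published test vector from RFC 2759 section 9.2.
RFC_PEER = bytes.fromhex("21402324255E262A28295F2B3A337C7E")
RFC_AUTH = bytes.fromhex("5B5D7C7D7B3F2F3E3C2C602132262628")

if __name__ == "__main__":
    print(challenge_hash(RFC_PEER, RFC_AUTH, encode_username("User")).hex())
```

Because both challenges enter the hash, a peer or server that reuses its challenge removes its own contribution of freshness to the NT Response.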
