3.3.1 Abstract Data Model

This section describes a model of possible data organization that a peer-side implementation maintains to participate in this protocol. The described organization is provided to facilitate the explanation of how the protocol behaves. This specification does not mandate that an implementation adhere to this model as long as the external behavior of the implementation is consistent with the behavior that is described in this document.

The EAP-CHAP server participating in this protocol MUST maintain the following variables:

RetryCount: An unsigned integer indicating the number of times the peer will be allowed to resubmit the challenge response. This variable is initialized to a non-negative integer as part of EAP-CHAP method configuration and is used as specified in section 3.3.5.2.

AllowPasswordChange: A Boolean variable indicating whether the server allows the client to change the client password after it has expired. This variable is initialized as part of EAP-CHAP method configuration and is used as specified in section 3.3.5.2.

The server maintains the current state of the authentication in an integer variable called currentState. The currentState variable is initialized when the server starts the EAP-CHAP authentication, and remains valid until authentication is completed. At any point in time, the currentState variable can have one of the following values, each one representing the current state of the server.

  • EAP_CHAP_CHALLENGE_SENT

  • EAP_CHAP_SUCCESS_REQUEST_SENT

  • EAP_CHAP_FAILURE_REQUEST_SENT

  • EAP_CHAP_CHANGE_PASSWORD_SENT

  • EAP_CHAP_SUCCESS

  • EAP_CHAP_FAILED

Figure 4: EAP-CHAP server state machine