[Openswan Users] Windows XP Chap Secrets?

Jacco de Leeuw jacco2 at dds.nl
Sun Jun 12 12:38:02 CEST 2005

Jerome Kaidor wrote:

> So anybody know where Windoze keeps these, and how to set them?

Probably somewhere in its registry. There is a file
\Documents and Settings\%Username%\Application 
but it does not contain the usernames and passwords.

> I think I'll try just setting everything to PAP and snarfing the
> password with tcpdump.

Why do you want to know those passwords anyway? Normally you should
know them already. You set passwords on the server and distribute
them to the users.

> OTOH, is there any compelling reason to use CHAP?  The 
> entire session is, after all, encrypted with IPSEC.

With PAP the user will get a silly warning from Windows. It complains
that the password is not encrypted. As you noted, this is nonsense
because the connection is already encrypted by IPsec. So there is
no particular reason to choose CHAP over PAP, except to reduce
potential confusion for users.

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

More information about the Users mailing list