Shiva Password Authentication Protocol (SPAP) now included in Windows Server 2008 which works in co-ordination with RADIUS and encrypts the password so that it transferred securely within the Network
Shiva Password Authentication Protocol (SPAP) is a simple encrypted password authentication protocol supported by Shiva remote access servers. With SPAP, the remote access client sends an encrypted password to the remote access server. SPAP uses a two-way encryption algorithm. The remote access server decrypts the password and uses the plaintext form to authenticate the remote access client.
Shiva Password Authentication Protocol (SPAP) is a reversible encryption mechanism employed by Shiva. A computer running Windows XP Professional, when connecting to a Shiva LAN Rover, uses SPAP, as does a Shiva client that connects to a server running Routing and Remote Access. This form of authentication is more secure than plaintext but less secure than Challenge Handshake Authentication Protocol (CHAP) or Microsoft Challenge Handshake Authentication Protocol (MS-CHAP).
To enable SPAP-based authentication, you must do the following:
- Enable SPAP as an authentication protocol on the RADIUS client. SPAP is disabled by default.
- Enable SPAP on the appropriate network policy. SPAP is disabled by default.
- Enable SPAP on the access client