Which authentication method is the default in RADIUS?

The default authentication method in RADIUS is PAP (Password Authentication Protocol). This is because RADIUS primarily operates in environments where devices need to interact with a RADIUS server to authenticate users. PAP is a simple and straightforward method that transmits user credentials (username and password) in plaintext, making it easy to implement and compatible with a wide range of devices.

PAP is particularly useful in scenarios where strong encryption is not a requirement or where the network environment is considered secure enough that the risks associated with sending credentials in plaintext are manageable. Its simplicity is why it is often regarded as the default choice for basic authentication needs in RADIUS deployments.

While other methods such as CHAP, MSCHAP, and MSCHAPv2 offer enhanced security features by incorporating hashing and challenge-response mechanisms, they typically require additional configuration and are not the out-of-the-box default behavior of RADIUS. Therefore, for many standard implementations, PAP remains the go-to method when ease of setup and compatibility with various devices are prioritized.