Techniques for authenticating a user for access to an IP network include receiving from the user's host a DHCP request which includes user identifier data. A random challenge value is determined and sent to the user's host in a DHCP message format. A response message that includes a response value is received from the user's host in DHCP format. A verification value is determined based on a password value associated with the user identifier value in an AAA server and the current challenge value using a secure process that renders impractical an attempt to derive the password. If it is determined that the response value does not match the verification value, then a DHCP offer is prevented from being sent to the user's host in response to the DHCP request. Thus, a user is authenticated using DHCP instead of PPP.