As per Relevance of the word responds, we have this rfc below:
Network Working Group K.
Request for Comments: 1412 Digital Equipment
January 1993
Telnet Authentication:
Status of this
This memo defines an Experimental Protocol for the
community. Discussion and suggestions for improvement are requested
Please refer to the current edition of the "IAB Official
Standards" for the standardization state and status of this protocol
Distribution of this memo is unlimited
1. Command Names and
Authentication
SPX 3
Suboption
AUTH 0
REJECT 1
ACCEPT 2
2. Command
IAC SB AUTHENTICATION IS <authentication-type-pair>
authentication token> IAC
This is used to pass the SPX authentication token to the
side of the connection. (A document which describes
authentication token syntax is forthcoming.) The first octet
the <authentication-type-pair> value is SPX. The second octet
a modifier to the SPX authentication type
IAC SB AUTHENTICATION REPLY <authentication-type-pair>
response> IAC
This command indicates that the authentication was successful
After an SPX authentication exchange, both sides have
established a random 8-byte key to be used as the default key
the ENCRYPTION option. If the AUTH_HOW_MUTUAL bit is set in
second octet of the authentication-type-pair, the sender
the mutual response bytes. The receiver of the ACCEPT
compares the "mutual response" with its expected mutual response
Telnet Working Group [Page 1]
RFC 1412 SPX for Telnet January 1993
(A document which describes the mutual response syntax is
coming.) If the AUTH_HOW_ONE_WAY bit is set in the second
of the authentication-type-pair, the sender includes zero bytes
mutual response
IAC SB AUTHENTICATION REPLY <authentication-type-pair>
<optional reason for rejection> IAC
This command indicates that the authentication was not successful
and if there is any more data in the sub-option, it is an
text message of the reason for the rejection
3. Implementation
Every command after the first AUTHENTICATION IS must carry the
set of modifiers (e.g., CLIENT|MUTUAL) for subsequent
IS and AUTHENTICATION REPLY commands
If the second octet of the authentication-type-pair has the AUTH_
bit set to AUTH_WHO_CLIENT, then the client sends the initial
command, and the server responds with either ACCEPT or REJECT
If the second octet of the authentication-type-pair has the AUTH_
bit set to AUTH_WHO_SERVER, then the server sends the initial
command, and the client responds with either ACCEPT or REJECT
4.
User "joe" may wish to log in as user "pete" on machine "foo".
"pete" has set things up on "foo" to allow "joe" access to
account, then the client would send IAC SB AUTHENTICATION NAME "pete
IAC SE IAC SB AUTHENTICATION IS SPX AUTH
token> IAC SE. The server would then authenticate the user as "joe
from the token information, and the server would send back
ACCEPT or REJECT. If mutual authentication is being used, the
would include in the ACCEPT message, a mutual response.
authorization check to see if "pete" is allowing "joe" to use
account is made after the authentication exchange is complete
Therefore, it is possible for the client to receive an
response (based on the authentication token), but for joe to
denied access to log in to pete's account
Telnet Working Group [Page 2]
RFC 1412 SPX for Telnet January 1993
Client
IAC DO
IAC WILL
[ The server is now free to request authentication information
]
IAC SB AUTHENTICATION SEND
CLIENT|MUTUAL SPX CLIENT|ONE_
IAC
[ The server has requested mutual SPX authentication. If
authentication is not supported, then the server is willing
do one-way SPX authentication. ]
[ The client will now respond with the name of the user that
wants to log in as, and the SPX authentication token. ]
IAC SB AUTHENTICATION
"pete" IAC
IAC SB AUTHENTICATION IS
CLIENT|MUTUAL AUTH <
authentication
information> IAC
[ The server responds with an ACCEPT command to state that
authentication was successful. ]
[ If AUTH_HOW_MUTUAL, the server responds with the
response so the client can verify that it is really talking
the right server. ]
[ If AUTH_HOW_ONE_WAY, the server responds with a NULL
response, since the client is willing to trust the
already. ]
IAC SB AUTHENTICATION REPLY
CLIENT|MUTUAL ACCEPT <
response> IAC
Telnet Working Group [Page 3]
RFC 1412 SPX for Telnet January 1993
Security
The ability to negotiate a common authentication mechanism
client and server is a feature of the authentication option
should be used with caution. When the negotiation is performed,
authentication has yet occurred. Therefore, each system has no
of knowing whether or not it is talking to the system it intends.
intruder could attempt to negotiate the use of an
system which is either weak, or already compromised by the intruder
Author's
Kannan
Digital Equipment
550 King Street, LKG1-2/A19
Littleton, MA 01460
EMail: kannan@sejour.lkg.dec.
Mailing List: telnet-ietf@CRAY.
The working group can be contacted via the current chair
Steve
INTERACTIVE Systems
1901 North Naper
Naperville, IL 60563-8895
Phone: (708) 505-9100 x256
EMail: stevea@isc.
Telnet Working Group [Page 4]
if you see any problems within the linking, don't worry be happy,
this is version 0.1 of the Relevance System and you gotta expect some crappy subroutines sometimes,
just be content we did not write this in Java, which would have made this "bigger and better" HAHAHHA.
RFC documents can be found at I.E.T.F.
Relevance System Copyright © 2002 Spectrum WorldResearch
other technical nosh by ServerMasters Corporation
collaboration of BobX
