Username/Password Authentication for SOCKS V5
Expires: In Six Months                                                 M. Leech

             Username/Password Authentication for SOCKS V5

Status of this Memo

   This document is an Internet-Draft. Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups. Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft document valid for a maximum of six months
   and may be updated, replaced or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress".

   To learn the current status of any Internet-Draft, please check the
   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
   Directories on (US East Coast),
   (Europe), (US West Coast), or (Pacific

1.  Introduction

   The protocol specification for SOCKS Version 5 specifies a
   generalized framework for the use of arbitrary authentication
   protocols in the initial socks connection setup. This document
   describes one of those protocols, as it fits into the SOCKS Version 5
   authentication "subnegotiation".

2.  Initial negotiation

   Once the SOCKS V5 server has started, and the client has selected the
   Username/Password Authentication protocol, the Username/Password
   subnegotiation begins.  This begins with the client producing a
   Username/Password request:

           |VER | ULEN |  UNAME   | PLEN |  PASSWD  |
           | 1  |  1   | 1 to 255 |  1   | 1 to 255 |
   The VER field contains the current version of the subne-
   gotiation, which is X'01'. The ULEN field contains the
   length of the UNAME field that follows. The UNAME field
   contains the username as known to the source operating
   system. The PLEN field contains the length of the PASSWD
   field that follows. The PASSWD field contains the pass-
   word association with the given UNAME.

   The server verifies the supplied UNAME and PASSWD, and
   sends the following response:

                        |VER | STATUS |
                        | 1  |   1    |

   A STATUS field of X'00' indicates success. If the server
   returns a `failure' (STATUS value other than X'00') sta-
   tus, it MUST close the connection.

3.  Security Considerations

   This document describes a subnegotiation that provides
   authentication services to the SOCKS protocol. Since the
   request carries the password in cleartext, this subnego-
   tiation is not recommended for environments where "sniff-
   ing" is possible and practical practical.

4.  Authors Address

   Marcus Leech
   Bell-Northern Research Ltd
   P.O. Box 3511, Station C
   Ottawa, ON

   +1 613 763 9145