draft-ietf-aft-username-password-01.txt   rfc1929.txt 
Username/Password Authentication for SOCKS V5
INTERNET-DRAFT Network Working Group M. Leech
Expires: In Six Months M. Leech Request for Comments: 1929 Bell-Northern Research Ltd
<draft-ietf-aft-username-password-01.txt> Category: Standards Track March 1996
Username/Password Authentication for SOCKS V5 Username/Password Authentication for SOCKS V5
Status of this Memo Status of this Memo
This document is an Internet-Draft. Internet-Drafts are working This document specifies an Internet standards track protocol for the
documents of the Internet Engineering Task Force (IETF), its areas, Internet community, and requests discussion and suggestions for
and its working groups. Note that other groups may also distribute improvements. Please refer to the current edition of the "Internet
working documents as Internet-Drafts. Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Internet-Drafts are draft document valid for a maximum of six months
and may be updated, replaced or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress".
To learn the current status of any Internet-Draft, please check the
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
Directories on ds.internic.net (US East Coast), nic.nordu.net
(Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
Rim).
1. Introduction 1. Introduction
The protocol specification for SOCKS Version 5 specifies a The protocol specification for SOCKS Version 5 specifies a
generalized framework for the use of arbitrary authentication generalized framework for the use of arbitrary authentication
protocols in the initial socks connection setup. This document protocols in the initial socks connection setup. This document
describes one of those protocols, as it fits into the SOCKS Version 5 describes one of those protocols, as it fits into the SOCKS Version 5
authentication "subnegotiation". authentication "subnegotiation".
Note:
Unless otherwise noted, the decimal numbers appearing in packet-
format diagrams represent the length of the corresponding field, in
octets. Where a given octet must take on a specific value, the
syntax X'hh' is used to denote the value of the single octet in that
field. When the word 'Variable' is used, it indicates that the
corresponding field has a variable length defined either by an
associated (one or two octet) length field, or by a data type field.
2. Initial negotiation 2. Initial negotiation
Once the SOCKS V5 server has started, and the client has selected the Once the SOCKS V5 server has started, and the client has selected the
Username/Password Authentication protocol, the Username/Password Username/Password Authentication protocol, the Username/Password
subnegotiation begins. This begins with the client producing a subnegotiation begins. This begins with the client producing a
Username/Password request: Username/Password request:
+----+------+----------+------+----------+ +----+------+----------+------+----------+
|VER | ULEN | UNAME | PLEN | PASSWD | |VER | ULEN | UNAME | PLEN | PASSWD |
+----+------+----------+------+----------+ +----+------+----------+------+----------+
| 1 | 1 | 1 to 255 | 1 | 1 to 255 | | 1 | 1 | 1 to 255 | 1 | 1 to 255 |
+----+------+----------+------+----------+ +----+------+----------+------+----------+
The VER field contains the current version of the subne- The VER field contains the current version of the subnegotiation,
gotiation, which is X'01'. The ULEN field contains the which is X'01'. The ULEN field contains the length of the UNAME field
length of the UNAME field that follows. The UNAME field that follows. The UNAME field contains the username as known to the
contains the username as known to the source operating source operating system. The PLEN field contains the length of the
system. The PLEN field contains the length of the PASSWD PASSWD field that follows. The PASSWD field contains the password
field that follows. The PASSWD field contains the pass- association with the given UNAME.
word association with the given UNAME.
The server verifies the supplied UNAME and PASSWD, and The server verifies the supplied UNAME and PASSWD, and sends the
sends the following response: following response:
+----+--------+ +----+--------+
|VER | STATUS | |VER | STATUS |
+----+--------+ +----+--------+
| 1 | 1 | | 1 | 1 |
+----+--------+ +----+--------+
A STATUS field of X'00' indicates success. If the server A STATUS field of X'00' indicates success. If the server returns a
returns a `failure' (STATUS value other than X'00') sta- `failure' (STATUS value other than X'00') status, it MUST close the
tus, it MUST close the connection. connection.
3. Security Considerations 3. Security Considerations
This document describes a subnegotiation that provides This document describes a subnegotiation that provides authentication
authentication services to the SOCKS protocol. Since the services to the SOCKS protocol. Since the request carries the
request carries the password in cleartext, this subnego- password in cleartext, this subnegotiation is not recommended for
tiation is not recommended for environments where "sniff- environments where "sniffing" is possible and practical.
ing" is possible and practical.
4. Authors Address 4. Author's Address
Marcus Leech Marcus Leech
Bell-Northern Research Ltd Bell-Northern Research Ltd
P.O. Box 3511, Station C P.O. Box 3511, Station C
Ottawa, ON Ottawa, ON
CANADA K1Y 4H7 CANADA K1Y 4H7
+1 613 763 9145 Phone: +1 613 763 9145
EMail: mleech@bnr.ca
Email: mleech@bnr.ca
 End of changes. 9 change blocks. 
37 lines changed or deleted 35 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/