RFC 1929 - User name/password authentication method for SOCKS V5
Network Working Group                                          M. Leech
Request for Comments: 1929                   Bell-Northern Research Ltd
Category: Standards Track                                    March 1996
User name/password authentication for SOCKS V5
Status of this Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "IAB Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Introduction
The SOCKS V5 protocol specification defines a general framework for authentication during the initial setup of a SOCKS connection. This document describes one of the methods that fits into the SOCKS V5 authentication sub-negotiation.
Note:
Unless otherwise specified, the decimal numbers in the packet format diagrams give the length, in bytes, of the corresponding field. Where a given byte must take a specific value, that value is written as X'hh'. Where the word 'Variable' is used for a field, the field has a variable length, which is defined either by an associated length field (1-2 bytes) or by a data type field.
Initial negotiation
Once the SOCKS V5 server has started and the client has selected the user name/password authentication protocol, the user name/password sub-negotiation begins. It begins with the client producing a user name/password request:
+-----+------+----------+------+----------+
| VER | ULEN |  UNAME   | PLEN |  PASSWD  |
+-----+------+----------+------+----------+
|  1  |  1   | 1 to 255 |  1   | 1 to 255 |
+-----+------+----------+------+----------+
The VER field contains the current version of the sub-negotiation, which is X'01'. The ULEN field contains the length of the UNAME field that follows. The UNAME field contains the username as known to the source operating system. The PLEN field contains the length, in bytes, of the PASSWD field that follows. The PASSWD field contains the password associated with the username given in UNAME.
The server checks the UNAME and PASSWD fields and returns a response:
+-----+--------+
| VER | STATUS |
+-----+--------+
|  1  |   1    |
+-----+--------+
A STATUS field of X'00' indicates success. If the server returns a "failure" status (a STATUS value other than X'00'), the connection must be closed.
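The exchange described above, as an added Python example that is not part of the RFC text: it builds the client request, parses it strictly on the server side (rejecting a wrong VER, zero-length fields, truncation and trailing bytes) and produces the two-byte reply. The function names, the failure value X'01', the single-buffer input and the sample account table are assumptions made for illustration.

```python
import hmac

SUBNEG_VER = 0x01    # VER value given in the text
STATUS_OK = 0x00     # STATUS X'00' means success
STATUS_FAIL = 0x01   # assumption: the text only requires a value other than X'00'

# Constructed sample account table (hypothetical; not from the RFC).
SAMPLE_ACCOUNTS = {b"alice": b"s3cret"}

def build_request(uname: bytes, passwd: bytes) -> bytes:
    """Client side: VER | ULEN | UNAME | PLEN | PASSWD."""
    for field in (uname, passwd):
        if not 1 <= len(field) <= 255:
            raise ValueError("UNAME and PASSWD must be 1 to 255 bytes")
    return bytes([SUBNEG_VER, len(uname)]) + uname + bytes([len(passwd)]) + passwd

def parse_request(msg: bytes) -> tuple:
    """Server side: return (UNAME, PASSWD) or raise ValueError.

    Assumes the complete request is in one buffer, so any byte beyond
    PASSWD is treated as an error rather than as the next message.
    """
    if len(msg) < 2 or msg[0] != SUBNEG_VER:
        raise ValueError("short message or unexpected VER")
    ulen = msg[1]
    if ulen == 0 or len(msg) < 2 + ulen + 1:
        raise ValueError("zero ULEN or truncated UNAME")
    uname = msg[2:2 + ulen]
    plen = msg[2 + ulen]
    start = 3 + ulen
    if plen == 0 or len(msg) != start + plen:
        raise ValueError("zero PLEN, truncated PASSWD, or trailing bytes")
    return uname, msg[start:start + plen]

def server_reply(msg: bytes, accounts: dict) -> bytes:
    """Return VER | STATUS; the caller closes the connection on failure."""
    try:
        uname, passwd = parse_request(msg)
    except ValueError:
        return bytes([SUBNEG_VER, STATUS_FAIL])
    expected = accounts.get(uname)
    # Constant-time comparison avoids leaking how many bytes matched.
    ok = expected is not None and hmac.compare_digest(expected, passwd)
    return bytes([SUBNEG_VER, STATUS_OK if ok else STATUS_FAIL])
```

The request bytes contain PASSWD verbatim, which is the cleartext exposure that the security considerations of this document refer to.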
Security considerations
This document describes a sub-negotiation method that provides authentication services for the SOCKS V5 protocol. Because the password in the request is sent in plain text, this sub-negotiation method is not recommended for use on networks where traffic can be snooped.
Author's Address
Marcus Leech
Bell-Northern Research Ltd
P.O. Box 3511, Station C
Ottawa, ON
Canada K1Y 4H7
Phone: +1 613 763 9145
Email: mleech@bnr.ca