Username/Password Authentication for SOCKS V5[RFC 1929]

Username/Password Authentication for SOCKS V5

INTERNET-DRAFT

Expires: In Six Months                                                 M. Leech

<draft-ietf-aft-username-password-01.txt>







             Username/Password Authentication for SOCKS V5



Status of this Memo



   This document is an Internet-Draft. Internet-Drafts are working

   documents of the Internet Engineering Task Force (IETF), its areas,

   and its working groups. Note that other groups may also distribute

   working documents as Internet-Drafts.



   Internet-Drafts are draft document valid for a maximum of six months

   and may be updated, replaced or obsoleted by other documents at any

   time. It is inappropriate to use Internet-Drafts as reference

   material or to cite them other than as "work in progress".



   To learn the current status of any Internet-Draft, please check the

   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow

   Directories on ds.internic.net (US East Coast), nic.nordu.net

   (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific

   Rim).



1.  Introduction



   The protocol specification for SOCKS Version 5 specifies a

   generalized framework for the use of arbitrary authentication

   protocols in the initial socks connection setup. This document

   describes one of those protocols, as it fits into the SOCKS Version 5

   authentication "subnegotiation".



2.  Initial negotiation



   Once the SOCKS V5 server has started, and the client has selected the

   Username/Password Authentication protocol, the Username/Password

   subnegotiation begins.  This begins with the client producing a

   Username/Password request:





           +----+------+----------+------+----------+

           |VER | ULEN |  UNAME   | PLEN |  PASSWD  |

           +----+------+----------+------+----------+

           | 1  |  1   | 1 to 255 |  1   | 1 to 255 |

           +----+------+----------+------+----------+







Leech                                                   [Page 1]



INTERNET-DRAFT    Username Authentication for SOCKS V5        March 1995





   The VER field contains the current version of the subne-

   gotiation, which is X'01'. The ULEN field contains the

   length of the UNAME field that follows. The UNAME field

   contains the username as known to the source operating

   system. The PLEN field contains the length of the PASSWD

   field that follows. The PASSWD field contains the pass-

   word association with the given UNAME.



   The server verifies the supplied UNAME and PASSWD, and

   sends the following response:





                        +----+--------+

                        |VER | STATUS |

                        +----+--------+

                        | 1  |   1    |

                        +----+--------+



   A STATUS field of X'00' indicates success. If the server

   returns a `failure' (STATUS value other than X'00') sta-

   tus, it MUST close the connection.



3.  Security Considerations



   This document describes a subnegotiation that provides

   authentication services to the SOCKS protocol. Since the

   request carries the password in cleartext, this subnego-

   tiation is not recommended for environments where "sniff-

   ing" is possible and practical.



4.  Authors Address



   Marcus Leech

   Bell-Northern Research Ltd

   P.O. Box 3511, Station C

   Ottawa, ON

   CANADA K1Y 4H7



   +1 613 763 9145



   Email: mleech@bnr.ca





















Leech                                                   [Page 2]