
Telnet Authentication: Kerberos Version 4 (RFC1411)

IP.com Disclosure Number: IPCOM000002237D
Original Publication Date: 1993-Jan-01
Included in the Prior Art Database: 2000-Sep-12
Document File: 4 page(s) / 7K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Borman: AUTHOR [+2]

Abstract

Status of this Memo

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 36% of the total text.

Network Working Group                                  D. Borman, Editor
Request for Comments: 1411                           Cray Research, Inc.
                                                            January 1993

Telnet Authentication: Kerberos Version 4

Status of this Memo

This memo defines an Experimental Protocol for the Internet
community. Discussion and suggestions for improvement are requested.
Please refer to the current edition of the "IAB Official Protocol
Standards" for the standardization state and status of this protocol.
Distribution of this memo is unlimited.

1. Command Names and Codes

   Authentication Types

      KERBEROS_V4    1

   Suboption Commands

      AUTH           0
      REJECT         1
      ACCEPT         2
      CHALLENGE      3
      RESPONSE       4

2. Command Meanings

IAC SB AUTHENTICATION IS <authentication-type-pair> AUTH <kerberos
ticket and authenticator> IAC SE

This is used to pass the Kerberos ticket to the remote side of the
connection. The first octet of the <authentication-type-pair>
value is KERBEROS_V4, to indicate the usage of Kerberos version 4.

IAC SB AUTHENTICATION REPLY <authentication-type-pair> ACCEPT IAC SE

This command indicates that the authentication was successful.

IAC SB AUTHENTICATION REPLY <authentication-type-pair> REJECT
<optional reason for rejection> IAC SE

This command indicates that the authentication was not successful,
and if there is any more data in the sub-option, it is an ASCII
text message of the reason for the rejection.

IAC SB AUTHENTICATION IS <authentication-type-pair> CHALLENGE
<encrypted challenge> IAC SE

IAC SB AUTHENTICATION REPLY <authentication-type-pair> RESPONSE
<encrypted response> IAC SE

These two commands are used to perform mutual authentication.
They are only used when the AUTH_HOW_MUTUAL bit is set in the
second octet of the authentication-type-pair. After successfully
sending an AUTH and receiving an ACCEPT, a CHALLENGE is sent. The
challenge is a random 8 byte number with the most significant byte
first, and the least significant byte last. When the CHALLENGE
command is sent, the "encrypted challenge" is the 8-byte-challenge
encrypted in the session key. When the CHALLENGE command is
received, the contents are decrypted to get the original
8-byte-challenge, this value is then incremented by one, re-encrypted
with the session key, and returned as the "encrypted response" in
the RESPONSE command. The receiver of the RESPONSE command
decrypts the "encrypted resp...
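
The suboption framing and the challenge arithmetic described in section 2, as an added Python example (not part of the memo or of any Telnet implementation). The numeric values for IAC, SB, SE, AUTHENTICATION, IS, REPLY and AUTH_HOW_MUTUAL are taken from the base Telnet and Telnet Authentication Option specifications rather than from this page; the function names are hypothetical, wrap-around at 2**64 is an assumption, and the encryption with the session key is left out.

```python
import struct

# Telnet framing and AUTHENTICATION option codes come from the base Telnet
# and Telnet Authentication Option specs, not from this page.
IAC, SB, SE, AUTHENTICATION = 255, 250, 240, 37
DIRECTIONS = {0: "IS", 2: "REPLY"}
AUTH_HOW_MUTUAL = 2  # bit in the second octet of the authentication-type-pair
# Codes from section 1 of the memo.
KERBEROS_V4 = 1
COMMANDS = {0: "AUTH", 1: "REJECT", 2: "ACCEPT", 3: "CHALLENGE", 4: "RESPONSE"}


def unescape(data: bytes) -> bytes:
    """Undo IAC doubling; ciphertext may legitimately contain 0xFF bytes."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] == IAC:
            if data[i + 1:i + 2] != bytes([IAC]):
                raise ValueError("bare IAC inside suboption data")
            i += 1
        out.append(data[i])
        i += 1
    return bytes(out)


def parse_suboption(frame: bytes) -> dict:
    """Decode one complete IAC SB AUTHENTICATION ... IAC SE frame."""
    if frame[:3] != bytes([IAC, SB, AUTHENTICATION]) or frame[-2:] != bytes([IAC, SE]):
        raise ValueError("not an AUTHENTICATION suboption")
    body = unescape(frame[3:-2])
    if len(body) < 4:
        raise ValueError("truncated suboption")
    direction, auth_type, modifiers, command = body[:4]
    if direction not in DIRECTIONS or auth_type != KERBEROS_V4 or command not in COMMANDS:
        raise ValueError("not a Kerberos V4 IS/REPLY command")
    return {"direction": DIRECTIONS[direction], "command": COMMANDS[command],
            "mutual": bool(modifiers & AUTH_HOW_MUTUAL), "data": body[4:]}


def next_challenge_value(challenge: bytes) -> bytes:
    """Challenge plus one, most significant byte first (wrap at 2**64 is assumed)."""
    if len(challenge) != 8:
        raise ValueError("challenge must be exactly 8 bytes")
    return struct.pack(">Q", (struct.unpack(">Q", challenge)[0] + 1) % 2**64)


# Constructed sample: REPLY, KERBEROS_V4 with the mutual bit, REJECT plus a reason.
SAMPLE_REJECT = bytes([IAC, SB, AUTHENTICATION, 2, KERBEROS_V4, 2, 1]) + b"bad ticket" + bytes([IAC, SE])
```

The CHALLENGE and RESPONSE payloads are ciphertext, so a parser that skips the IAC unescaping step will misread any frame whose encrypted bytes include 0xFF.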