Browse Prior Art Database

TACACS user identification Telnet option (RFC0927)

IP.com Disclosure Number: IPCOM000004340D
Original Publication Date: 1984-Dec-01
Included in the Prior Art Database: 2000-Oct-09
Document File: 3 page(s) / 5K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

B.A. Anderson: AUTHOR

Abstract

The following is the description of a TELNET option designed to facilitate double login avoidance. It is intended primarily for TAC connections to target hosts on behalf of TAC users, but it can be used between any two consenting hosts. For example, all hosts at one site (e.g., BBN) can use this option to avoid double login when TELNETing to one another.

This text was extracted from a ASCII Text document.
This is the abbreviated version, containing approximately 58% of the total text.

Network Working Group Brian A. Anderson

Request for Comments: 927 BBN

December 1984

TACACS User Identification Telnet Option

Status of this Memo

This RFC suggests a proposed protocol for the ARPA-Internet

community, and requests discussion and suggestions for improvements.

Distribution of this memo is unlimited.

Introduction

The following is the description of a TELNET option designed to

facilitate double login avoidance. It is intended primarily for TAC

connections to target hosts on behalf of TAC users, but it can be

used between any two consenting hosts. For example, all hosts at one

site (e.g., BBN) can use this option to avoid double login when

TELNETing to one another.

1. Command name and code

TUID 26

2. Command Meanings

IAC WILL TUID

The sender (the TELNET user) proposes to authenticate the user and

send the identifing UUID; or, the sender (the TELNET user) agrees

to authenticate the user on whose behalf the connection is

initiated.

IAC WON'T TUID

The sender (the TELNET user) refuses to authenticate the user on

whose behalf the connection is initiated.

IAC DO TUID

The sender (the TELNET server) proposes that the recipient (the

TELNET user) authenticate the user and send the identifing UUID;

or, the sender (the TELNET server) agrees to accept the

recipient's (the TELNET user's) authentication of the user

identified by his UUID.

RFC 927 December 1984

TUID Telnet Option

IAC DON'T TUID

The sender (the TELNET server) refuses to accept the recipient's

(the TELNET user) authentication of the user.

IAC SB TUID IAC SE

The sender (the TELNET user) sends the UUID of the user on

whose behalf the connection is established to the host to which he

is connected. The is a 32 bit binary number.

3. Default

WON'T TUID

A TELNET user host (the initiator of a TELNET connection) not

implementing or using the TUID option will reply WON'T TUID to a

DO TUID.

DON'T TUID

A TELNET server host (the recipient of a TELNET connection) not

implementing or using the TUID option reply DON'T TUID to a WILL

TUID.

4. Motivation for the Option

Under TACACS (the TAC Access Control System) a user must be

authenticated (give a correct name/password pair) to a TAC before he

can connect to a host via the TAC. To avoid a second authentication

by the target host, the TAC can pass along the user's proven identity

(his UUID) to the that host. Hosts may accept the TAC's

authentication of the user or not, at their option.

The same option can be used between any pair of cooperating hosts for

the purpose of double login avoidance.

5. Description for the Option

At the time that a host establishes a TELNET connection fo...