RFC 1412 (rfc1412) - Page 2 of 4
Telnet Authentication: SPX
Alternative Format: Original Text Document
RFC 1412 SPX for Telnet January 1993
(A document which describes the mutual response syntax is forth
coming.) If the AUTH_HOW_ONE_WAY bit is set in the second octet
of the authentication-type-pair, the sender includes zero bytes of
mutual response.
IAC SB AUTHENTICATION REPLY REJECT
IAC SE
This command indicates that the authentication was not successful,
and if there is any more data in the sub-option, it is an ASCII
text message of the reason for the rejection.
3. Implementation Rules
Every command after the first AUTHENTICATION IS must carry the same
set of modifiers (e.g., CLIENT|MUTUAL) for subsequent AUTHENTICATION
IS and AUTHENTICATION REPLY commands.
If the second octet of the authentication-type-pair has the AUTH_WHO
bit set to AUTH_WHO_CLIENT, then the client sends the initial AUTH
command, and the server responds with either ACCEPT or REJECT.
If the second octet of the authentication-type-pair has the AUTH_WHO
bit set to AUTH_WHO_SERVER, then the server sends the initial AUTH
command, and the client responds with either ACCEPT or REJECT.
4. Examples
User "joe" may wish to log in as user "pete" on machine "foo". If
"pete" has set things up on "foo" to allow "joe" access to his
account, then the client would send IAC SB AUTHENTICATION NAME "pete"
IAC SE IAC SB AUTHENTICATION IS SPX AUTH IAC SE. The server would then authenticate the user as "joe"
from the token information, and the server would send back either
ACCEPT or REJECT. If mutual authentication is being used, the server
would include in the ACCEPT message, a mutual response. The
authorization check to see if "pete" is allowing "joe" to use his
account is made after the authentication exchange is complete.
Therefore, it is possible for the client to receive an ACCEPT
response (based on the authentication token), but for joe to be
denied access to log in to pete's account.
Telnet Working Group
