RFC 2944 (rfc2944) - Page 2 of 7

Telnet Authentication: SRP

RFC 2944               Telnet Authentication: SRP         September 2000


2. Command Meanings

   IAC SB AUTHENTICATION IS  AUTH IAC SE

      This command indicates that the client has supplied the
      username and is ready to receive that user's field parameters.
      There is no authentication information to be sent to the remote
      side of the connection yet.  This should only be sent after the
      IAC SB AUTHENTICATION NAME command has been issued.  If the
      modifier byte (second byte of the authentication-type-pair)
      has any bits other than AUTH_WHO_MASK or AUTH_HOW_MASK set,
      both bytes are included in the session key hash described later.
      This ensures that the authentication type pair was correctly
      negotiated, while maintaining backward-compatibility with existing
      software.

   IAC SB AUTHENTICATION REPLY  PARAMS  IAC SE

      This command is used to pass the three parameter values used
      in the exponentiation to the client.  These values are often
      called n, g, and s.

   IAC SB AUTHENTICATION IS  EXP  IAC SE

      This command is used to pass the client's exponential residue,
      otherwise known as A, computed against the parameters exchanged
      earlier.

   IAC SB AUTHENTICATION REPLY  CHALLENGE
    IAC SE

      This command is used to pass the server's exponential residue,
      computed against the same parameters.  This quantity is actually
      the sum of two residues, i.e. g^x + g^b.  For details see [SRP]
      and [<a href="/computing/rfc/rfc2945.html">RFC 2945</a>].

   IAC SB AUTHENTICATION IS <authentication-type-pair> RESPONSE
   <response from client> IAC SE

      This command gives the server proof of the client's authenticity
      with a 160-bit (20 byte) response.








Wu                          Standards Track</response></authentication-type-pair>