RFC 1416 (rfc1416) - Page 3 of 7
Telnet Authentication Option
Alternative Format: Original Text Document
RFC 1416 Telnet Authentication Option February 1993
IAC SB AUTHENTICATION REPLY authentication-type-pair IAC
SE
The sender of this command (the server) is sending a reply to the
the authentication information received in a previous IS command.
Only the server side (DO AUTHENTICATION) is allowed to send this.
IAC SB AUTHENTICATION NAME remote-user IAC SE
This optional command is sent to specify the account name on the
remote host that the user wishes to be authorized to use. Note
that authentication may succeed, and the authorization to use a
particular account may still fail. Some authentication mechanisms
may ignore this command.
The "authentication-type-pair" is two octets, the first is the
authentication type (as listed in Section 1, additions to this list
must be registered with the Internet Assigned Numbers Authority
(IANA)), and the second is a modifier to the type. There are
currently two one bit fields defined in the modifier, the
AUTH_WHO_MASK bit and the AUTH_HOW_MASK bit, so there are four
possible combinations:
AUTH_CLIENT_TO_SERVER
AUTH_HOW_ONE_WAY
The client will send authentication information about the local
user to the server. If the negotiation is successful, the
server will have authenticated the user on the client side of
the connection.
AUTH_SERVER_TO_CLIENT
AUTH_HOW_ONE_WAY
The server will authenticate itself to the client. If the
negotiation is successful, the client will know that it is
connected to the server that it wants to be connected to.
AUTH_CLIENT_TO_SERVER
AUTH_HOW_MUTUAL
The client will send authentication information about the local
user to the server, and then the server will authenticate
itself to the client. If the negotiation is successful, the
server will have authenticated the user on the client side of
the connection, and the client will know that it is connected
to the server that it wants to be connected to.
Telnet Working Group