Diffstat (limited to 'doc/rfc/rfc912.txt')
-rw-r--r-- doc/rfc/rfc912.txt 171
1 files changed, 171 insertions, 0 deletions
diff --git a/doc/rfc/rfc912.txt b/doc/rfc/rfc912.txt
new file mode 100644
index 0000000..3f14809
--- /dev/null
+++ b/doc/rfc/rfc912.txt
@@ -0,0 +1,171 @@
+
+
+Network Working Group Mike StJohns
+Request for Comments: 912 TPSC
+ September 1984
+
+ Authentication Service
+
+
+STATUS OF THIS MEMO
+
+ This RFC suggests a proposed protocol for the ARPA-Internet
+ community, and requests discussion and suggestions for improvements.
+ Distribution of this memo is unlimited.
+
+INTRODUCTION
+
+ The Authentication Server provides a means to determine the identity
+ of a user of a particular TCP connection. Given a TCP port number
+ pair, it returns a character string which identifies the owner of
+ that connection on the server's system. Suggested uses include
+ automatic identification and verification of a user during an FTP
+ session, additional verification of a TAC dial up user, and access
+ verification for a generalized network file server.
+
+OVERVIEW
+
+ This is a connection based application on TCP. A server listens for
+ TCP connections on TCP port 113 (decimal). Once a connection is
+ established, the server reads one line of data which specifies the
+ connection of interest. If it exists, the system dependent user
+ identifier of the connection of interest is sent out the connection.
+ The service closes the connection after sending the user identifier.
+
+RESTRICTIONS
+
+ Queries are permitted only for fully specified connections. The
+ local/foreign host pair used to fully specify the connection are
+ taken from the query connection. This means a user on Host A may
+ only query the server on Host B about connections between A and B.
+
+QUERY/RESPONSE FORMAT
+
+ The server accepts simple text query requests of the form
+
+ <local-port>, <foreign-port>
+
+ where <local-port>, is the TCP port (decimal) on the target (server)
+ system, and <foreign-port> is the TCP port (decimal) on the source
+ (user) system.
+
+ For example:
+
+
+
+StJohns [Page 1]
+
+
+
+RFC 912 September 1984
+Authentication Service
+
+
+ 23, 6191
+
+ The response is of the form
+
+ <local-port>, <foreign-port> : <response-type> : <additional-info>
+
+ where <local-port>, <foreign-port> are the same pair as the query,
+ <response-type> is a keyword identifying the type of response, and
+ <additional info> is context dependent.
+
+ For example:
+
+ 23, 6191 : USERID : StJohns
+
+RESPONSE TYPES
+
+ A response can be one of two types:
+
+ USERID
+
+ In this case, <additional-info> is the printable representation of
+ the user identifier of the owner of the connection. The format of
+ the returned user identifier is completely system dependent.
+
+ ERROR
+
+ For some reason the owner of the TCP port could not be determined,
+ <additional-info> tells why. The following are suggested values
+ of <additional-info> and their meanings.
+
+ INVALID PORT
+
+ Either the local or foreign port was improperly specified.
+
+ NO USER
+
+ The connection specified by the port pair is not currently
+ in use.
+
+ UNKNOWN ERROR
+
+ Can't determine connection owner; reason unknown.
+ Other values may be specified as necessary.
+
+
+
+
+
+
+StJohns [Page 2]
+
+
+
+RFC 912 September 1984
+Authentication Service
+
+
+CAVEATS
+
+ Unfortunately, the trustworthiness of the various host systems that
+ might implement an authentication server will vary quite a bit. It
+ is up to the various applications that will use the server to
+ determine the amount of trust they will place in the returned
+ information. It may be appropriate in some cases restrict the use of
+ the server to within a locally controlled subnet.
+
+APPLICATIONS
+
+ 1) Automatic user authentication for FTP.
+
+ 2) Verification for privileged network operations. For example,
+ having the server start or stop special purpose servers.
+
+DISCLAIMER
+
+ I designed this protocol to allow me to eliminate the bother of
+ having to identify myself before continuing an FTP session.
+
+ Since I started work on it, other applications appeared. I have
+ tried to consider all of our applications while still making this as
+ general as possible.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+StJohns [Page 3]
+
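Review bot: The CAVEATS section of the added memo leaves the trust decision entirely to the consuming application ("It is up to the various applications that will use the server to determine the amount of trust they will place in the returned information"), yet APPLICATIONS item 2 lists "Verification for privileged network operations", and this commit adds only the memo text (1 file, 171 insertions) with nothing that says how the tree relies on it. Please add a short note beside the file, or in the commit message, stating which component refers to this memo and that the USERID reply is an assertion by the remote host, not proof of identity. The RESPONSE TYPES text also says the identifier format is "completely system dependent" and that ERROR may carry "Other values", so any code written against this document should treat the <additional-info> field as untrusted free text and should not branch only on the three listed error strings. Minor: the file carries the memo's page footers, running headers and a long run of blank lines before the final "[Page 3]"; that is fine for a verbatim copy, but say in the commit message that the text is unmodified so later cleanups do not alter it.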