This document is obsolete. Please
refer to RFC 931.
Network Working Group Mike StJohns Request for Comments: 912 TPSC September 1984
STATUS OF THIS MEMO
This RFC suggests a proposed protocol for the ARPA-Internet community, and requests discussion and suggestions for improvements. Distribution of this memo is unlimited.
The Authentication Server provides a means to determine the identity of a user of a particular TCP connection. Given a TCP port number pair, it returns a character string which identifies the owner of that connection on the server's system. Suggested uses include automatic identification and verification of a user during an FTP session, additional verification of a TAC dial up user, and access verification for a generalized network file server.
This is a connection based application on TCP. A server listens for TCP connections on TCP port 113 (decimal). Once a connection is established, the server reads one line of data which specifies the connection of interest. If it exists, the system dependent user identifier of the connection of interest is sent out the connection. The service closes the connection after sending the user identifier.
Queries are permitted only for fully specified connections. The local/foreign host pair used to fully specify the connection are taken from the query connection. This means a user on Host A may only query the server on Host B about connections between A and B.
The server accepts simple text query requests of the form
where <local-port>, is the TCP port (decimal) on the target (server) system, and <foreign-port> is the TCP port (decimal) on the source (user) system.
Unfortunately, the trustworthiness of the various host systems that might implement an authentication server will vary quite a bit. It is up to the various applications that will use the server to determine the amount of trust they will place in the returned information. It may be appropriate in some cases restrict the use of the server to within a locally controlled subnet.
1) Automatic user authentication for FTP.
2) Verification for privileged network operations. For example, having the server start or stop special purpose servers.
I designed this protocol to allow me to eliminate the bother of having to identify myself before continuing an FTP session.
Since I started work on it, other applications appeared. I have tried to consider all of our applications while still making this as general as possible.