Re: new C-S draft
Alex Bochannek <abochann@cisco.com> Tue, 11 April 1995 06:45 UTC
Message-Id: <199504110645.XAA25938@hubbub.cisco.com>
Date: Mon, 10 Apr 1995 23:45:04 -0700
Reply-To: oswg-l@wugate.wustl.edu
X-Orig-Sender: owner-oswg-l@wugate.wustl.edu
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Alex Bochannek <abochann@cisco.com>
To: oswg-l@wugate.wustl.edu
Subject: Re: new C-S draft
In-Reply-To: Your message of "Sun, 09 Apr 95 10:49:28 EDT." <9504091449.aa17274@nic.near.net>
X-Listprocessor-Version: 7.1 -- ListProcessor by CREN
> Given the number of changes in the draft, I'm appending a copy of
> it before sending it to CNRI for posting. Please send comments...
>
> thanks,
> henry

A few comments.

> LOGIN-CMD ::= LOGIN <username> <auth-type>
> USERNAME ::= " <ASCII-STRING> "
> AUTH-TYPE ::= "none" | " <ASCII-STRING> "
> CHAL-CMD ::= CHAL " <ASCII-STRING> "
> AUTH-CMD ::= AUTH " <ASCII-STRING> "
>
>
> The authentication types supported by each server will vary. It's
> recommended that standard strings such as "kerberos", "password",
> "securid", "skey", and "tacacs" be used for maximum interoperability
> among clients and servers.

The authentication type names specified in RFC1409 could be used here.

> An example of an invalid username:
>
>
> >LOGIN "mule" "skey"
> <112 "Username unknown"
>
>
> or
>
>
> >LOGIN "mule" "skey"
> <CHAL "78 lo39065"
> >AUTH "COW DOG FRED LOG COLD WAR"
> <110 "Login invalid"

For security reasons, I'd always challenge even if the username is
unknown. This way it is harder to find valid usernames by trial and
error. (I guess I am also suggesting to get rid of error code 112
then).

> Note that upon reception of an EXIT command, the server must always
> close the connection, even if it would be appropriate to return an
> ERROR return code.

It might be helpful to spell out what happens if the underlying
reliable transport protocol closes the connection. I'd assume for the
server this is equivalent to receiving an EXIT command and the server
can release all data structures and TAG's that were associated with
the session.

That's it from me.

--
Alex Bochannek                  Phone : +1 408 526 51 91
Network Analyst - ECS           Fax   : +1 408 526 45 75
Cisco Systems, Inc.             Pager : +1 408 485 90 92
170 West Tasman Drive, Bldg E   Email : abochannek@cisco.com
San Jose, CA 95134-1706, USA
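
The suggestion in the message above, to send CHAL even when the username is unknown, shown as an added example that is not part of the original message or of the draft. The function names, the account "horse", the decoy-challenge derivation and the success reply placeholder are assumptions made for illustration; only the CHAL and 110 replies come from the quoted draft.

```python
import hashlib
import hmac
import secrets

# Assumption: per-server secret; persist it so decoy challenges survive restarts.
DECOY_KEY = secrets.token_bytes(32)
# Constructed account: username -> (challenge text, expected AUTH response).
# Real S/Key checks a hash chain; a constant-time string compare stands in here.
ACCOUNTS = {"horse": ("78 lo39065", "COW DOG FRED LOG COLD WAR")}
LOGIN_INVALID = '110 "Login invalid"'
SUCCESS_REPLY = "<success reply as defined by the draft>"  # placeholder

def decoy_challenge(username):
    """Stable fake challenge shaped like '78 lo39065' for an unknown username."""
    # Keyed derivation: repeated probes of one name always see the same
    # challenge, so a changing challenge cannot mark the name as unknown.
    d = hmac.new(DECOY_KEY, username.encode(), hashlib.sha256).digest()
    seq = 10 + d[0] % 90
    letters = "".join(chr(ord("a") + b % 26) for b in d[1:3])
    digits = int.from_bytes(d[3:7], "big") % 100000
    return f"{seq} {letters}{digits:05d}"

def handle_login(username):
    """Answer LOGIN with CHAL for every username; never reply 112."""
    account = ACCOUNTS.get(username)
    challenge = account[0] if account else decoy_challenge(username)
    return f'CHAL "{challenge}"'

def handle_auth(username, response):
    """Answer AUTH; unknown users and wrong responses get the same 110 reply."""
    account = ACCOUNTS.get(username)
    # Compare against a dummy value for unknown users so both paths do the same work.
    expected = account[1] if account else secrets.token_hex(16)
    ok = hmac.compare_digest(response.encode(), expected.encode())
    return SUCCESS_REPLY if (account and ok) else LOGIN_INVALID
```

With this shape a client probing "mule" sees the same two-step exchange and the same final 110 reply as a client that knows a valid name but not its response.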