2.2.2 Telnet Authentication Option Command IS or REPLY
When the Telnet Authentication Option command (as specified in [RFC2941]) is REPLY or IS, the Telnet: NTLM Authentication Protocol messages are embedded in the authentication-type-pair and <auth-data> fields. The message structure specified in this section maps to the coalesced space of authentication-type-pair and <auth-data> fields in IS and REPLY commands.
| Byte offset | Size | Field |
|---|---|---|
| 0 | 1 byte | AuthenticationType |
| 1 | 1 byte | Modifier |
| 2 | 1 byte | NTLM_CommandCode |
| 3 | 4 bytes | NTLM_DataSize |
| 7 | 4 bytes | NTLM_BufferType |
| 11 | variable | NTLM_Data |
AuthenticationType (1 byte): In the context of the Telnet: NTLM Authentication Protocol, a Telnet client MUST set this field to 0x0F in all IS messages to indicate that the authentication mechanism used is NTLM and a Telnet server MUST set this field to 0x0F in all REPLY messages.
Modifier (1 byte): This BYTE field specifies modifiers to the authentication method given in the AuthenticationType field, as specified in [RFC2941]. The Telnet Authentication Option (as specified in [RFC2941]) defines Modifier as five 1-bit fields. The first two bits are processed as a pair: the AUTH_WHO_MASK bit and the AUTH_HOW_MASK bit. The third and fifth bits are the ENCRYPT_MASK bits; they determine whether, and how, encryption is enabled. The fourth bit is the INI_CRED_FWD_MASK bit, which is set to either INI_CRED_FWD_ON or INI_CRED_FWD_OFF.
In the context of the Telnet: NTLM Authentication Protocol, the following modifiers MUST be used when a client or server implementation sends a message.

| Modifier | Symbolic value | Bit value(s) |
|---|---|---|
| AUTH_WHO_MASK | AUTH_CLIENT_TO_SERVER | 0 |
| AUTH_HOW_MASK | AUTH_HOW_ONE_WAY | 0 |
| ENCRYPT_MASK (2 bits) | ENCRYPT_OFF | 0 |
| INI_CRED_FWD_MASK | INI_CRED_FWD_OFF | 0 |
NTLM_CommandCode (1 byte): This BYTE field specifies a sub-stage of NTLM authentication. The possible values for this field are as follows:

| Name | Value |
|---|---|
| NTLM_NEGOTIATE | 0x00 |
| NTLM_CHALLENGE | 0x01 |
| NTLM_AUTHENTICATE | 0x02 |
| NTLM_ACCEPT | 0x03 |
| NTLM_REJECT | 0x04 |
NTLM_DataSize (4 bytes): This 32-bit unsigned integer field specifies the number of bytes in the NTLM_Data field. Data in this field MUST be in little-endian format.
NTLM_DataSize MUST be present only if NTLM_CommandCode is one of the following: NTLM_NEGOTIATE, NTLM_CHALLENGE, or NTLM_AUTHENTICATE.
NTLM_BufferType (4 bytes): This 32-bit unsigned integer field specifies the type of the buffer carried in NTLM_Data. Data in this field MUST be in little-endian format. Currently, the Telnet: NTLM Authentication Protocol does not specify how this field is processed. For compatibility with older versions of client and server software, an implementation MUST set this field to 0x00000002. An implementation SHOULD recognize 0x00000002 as indicating that the supplied buffer is a SECBUFFER_TOKEN buffer type.<2>
NTLM_BufferType MUST be present only if NTLM_CommandCode is one of the following: NTLM_NEGOTIATE, NTLM_CHALLENGE, or NTLM_AUTHENTICATE.
NTLM_Data (variable): This variable-length field contains the buffer that holds an NTLM message. The Telnet: NTLM Authentication Protocol does not specify how an implementation processes this field. Instead, an implementation passes this data to the local NTLM protocol implementation for processing.
NTLM_Data MUST be present only if NTLM_CommandCode is one of the following: NTLM_NEGOTIATE, NTLM_CHALLENGE, or NTLM_AUTHENTICATE.
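The following is an added example, not code from the specification or from any Microsoft implementation. It builds and parses the coalesced authentication-type-pair and auth-data payload described above for every NTLM_CommandCode, enforces the all-zero Modifier, the little-endian NTLM_DataSize and the 0x00000002 NTLM_BufferType, and rejects a payload whose NTLM_DataSize does not match the bytes actually present (the length-field mismatch a receiver must never trust). It also shows the Telnet framing that surrounds the payload on the wire (IAC SB AUTHENTICATION IS/REPLY ... IAC SE, with 0xFF bytes doubled per RFC 855), which this section does not cover. The function names and the sample NEGOTIATE_MESSAGE bytes are constructed for illustration; the option code 37, sub-command values and modifier masks are taken from RFC 2941.

```python
"""Build, frame and parse Telnet NTLM AUTHENTICATION IS/REPLY payloads (added example)."""
import struct

IAC, SB, SE = 0xFF, 0xFA, 0xF0            # RFC 854 command bytes
OPT_AUTHENTICATION = 37                    # RFC 2941 option code
AUTH_IS, AUTH_SEND, AUTH_REPLY = 0, 1, 2   # RFC 2941 sub-commands

AUTH_TYPE_NTLM = 0x0F
# RFC 2941 modifier masks: WHO=bit0, HOW=bit1, INI_CRED_FWD=bit3, ENCRYPT=bits 2 and 4.
# Telnet NTLM requires all of them clear (CLIENT_TO_SERVER, ONE_WAY, FWD_OFF, ENCRYPT_OFF).
AUTH_WHO_MASK, AUTH_HOW_MASK, INI_CRED_FWD_MASK, ENCRYPT_MASK = 0x01, 0x02, 0x08, 0x14
ALL_MODIFIER_BITS = AUTH_WHO_MASK | AUTH_HOW_MASK | INI_CRED_FWD_MASK | ENCRYPT_MASK

NTLM_NEGOTIATE, NTLM_CHALLENGE, NTLM_AUTHENTICATE, NTLM_ACCEPT, NTLM_REJECT = range(5)
COMMANDS_WITH_DATA = {NTLM_NEGOTIATE, NTLM_CHALLENGE, NTLM_AUTHENTICATE}
SECBUFFER_TOKEN = 0x00000002

# Constructed sample: a minimal 32-byte NTLM NEGOTIATE_MESSAGE (signature, type 1,
# flags, empty DomainName and Workstation fields). Illustrative, not a real capture.
SAMPLE_NEGOTIATE = (b"NTLMSSP\x00" + struct.pack("<I", 1) + struct.pack("<I", 0xE2088297)
                    + struct.pack("<HHI", 0, 0, 32) + struct.pack("<HHI", 0, 0, 32))


def build_payload(command, ntlm_data=b""):
    """Return AuthenticationType | Modifier | NTLM_CommandCode [| DataSize | BufferType | Data]."""
    header = bytes([AUTH_TYPE_NTLM, 0x00, command])      # Modifier byte is all zeros
    if command in COMMANDS_WITH_DATA:
        return header + struct.pack("<II", len(ntlm_data), SECBUFFER_TOKEN) + ntlm_data
    if command in (NTLM_ACCEPT, NTLM_REJECT):
        if ntlm_data:
            raise ValueError("NTLM_ACCEPT/NTLM_REJECT carry no NTLM_Data")
        return header
    raise ValueError(f"unknown NTLM_CommandCode {command:#04x}")


def frame(subcommand, payload):
    """Wrap a payload as IAC SB AUTHENTICATION <IS|REPLY> payload IAC SE.

    Any 0xFF inside the subnegotiation body must be sent as 0xFF 0xFF (RFC 855);
    NTLM tokens routinely contain 0xFF, so this step is not optional.
    """
    body = bytes([OPT_AUTHENTICATION, subcommand]) + payload
    return bytes([IAC, SB]) + body.replace(b"\xff", b"\xff\xff") + bytes([IAC, SE])


def parse_payload(buf):
    """Validate a received (already un-escaped) payload and split it into fields.

    Raises ValueError on any deviation from the structure in section 2.2.2 so
    that a caller never hands malformed bytes to the NTLM implementation.
    """
    if len(buf) < 3:
        raise ValueError("payload shorter than the 3-byte fixed header")
    auth_type, modifier, command = buf[0], buf[1], buf[2]
    if auth_type != AUTH_TYPE_NTLM:
        raise ValueError(f"AuthenticationType {auth_type:#04x} is not NTLM (0x0F)")
    if modifier & ALL_MODIFIER_BITS:
        # A peer asking for mutual auth, encryption or credential forwarding is
        # outside this protocol; do not silently downgrade, refuse it.
        raise ValueError(f"unsupported Modifier bits {modifier:#04x}")
    if command in (NTLM_ACCEPT, NTLM_REJECT):
        if len(buf) != 3:
            raise ValueError("trailing bytes after NTLM_ACCEPT/NTLM_REJECT")
        return {"command": command, "buffer_type": None, "data": None}
    if command not in COMMANDS_WITH_DATA:
        raise ValueError(f"unknown NTLM_CommandCode {command:#04x}")
    if len(buf) < 11:
        raise ValueError("payload too short for NTLM_DataSize and NTLM_BufferType")
    data_size, buffer_type = struct.unpack_from("<II", buf, 3)   # both little-endian
    data = buf[11:]
    if data_size != len(data):
        # Never trust the declared length over the bytes actually received.
        raise ValueError(f"NTLM_DataSize {data_size} but {len(data)} bytes present")
    if buffer_type != SECBUFFER_TOKEN:
        raise ValueError(f"unexpected NTLM_BufferType {buffer_type:#010x}")
    return {"command": command, "buffer_type": buffer_type, "data": data}


if __name__ == "__main__":
    wire = frame(AUTH_IS, build_payload(NTLM_NEGOTIATE, SAMPLE_NEGOTIATE))
    print(wire.hex())
    print(parse_payload(build_payload(NTLM_NEGOTIATE, SAMPLE_NEGOTIATE)))
```

Rejecting a non-zero Modifier rather than ignoring it matters in practice: a peer that sets AUTH_HOW_MUTUAL or an ENCRYPT bit is requesting behaviour this protocol cannot provide, and accepting the message anyway would let the other side believe it negotiated a property it did not get. A receiver feeding `parse_payload` must first strip the IAC SB ... IAC SE framing and collapse doubled 0xFF bytes; the check that NTLM_DataSize equals the bytes present then guards against the truncated or over-long length that an attacker can otherwise use to desynchronise the Telnet stream from the NTLM token boundaries.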