Export (0) Print
Expand All

3.2.5.1 Sent Initial PRELOGIN Packet State

If the response contains a structurally valid PRELOGIN response indicating a success, the TDS 4.2 client MUST take action according to the Encryption option and Authentication scheme:

  • The Encryption option MUST be handled as described in section 2.2.6.4 in the PRELOGIN message description.

  • If encryption was negotiated, the TDS 4.2 client MUST initiate a TLS/SSL handshake, send to the server a TLS/SSL message obtained from the TLS/SSL layer encapsulated in TDS 4.2 packets of type PRELOGIN (0x12), and enter the Sent TLS/SSL negotiation packet state.

  • If encryption was not negotiated and the upper layer did not request full encryption, the TDS 4.2 client MUST send to the server a LOGIN message that includes either standard login and password or indicates that integrated authentication SHOULD be used, and enter the Sent LOGIN record state. The TDS 4.2 specification does not prescribe the authentication protocol if SSPI authentication is used. The current implementation supports NTLM (for more information, see [MSDN-NTLM]) and Kerberos (for more information, see [RFC4120]).

  • If encryption was not negotiated and the upper layer requested full encryption, then the TDS 4.2 client MUST close the underlying transport connection, indicate an error to the upper layer, and enter the final state.

  • If the response received from the server does not contain a structurally valid PRELOGIN response, or it contains a structurally valid PRELOGIN response indicating an error, the TDS 4.2 client MUST close the underlying transport connection, indicate an error to the upper layer, and enter the final state.

Show:
© 2015 Microsoft