ASCII Authentication

The Oracle® Enterprise Session Border Controller initiates the authentication with an authentication START packet.

+-----------------------------------+
|           Common Header           |
|     minor_version contains 0x0    |
|         type contains 0x1         |
+--------+--------+--------+--------+
|action  |priv_lvl|authen_ |service |
|        |        |type    |        |
|  0x01  |  0x01  |  0x01  |  0x01  |
|--------+--------+--------+--------+
|user_len|port_len|rem_addr|data_len|
|        |        |_len    |        |
|    0   |    N   |    N   |    0   |
+--------+--------+--------+--------+
|                port               |
|               tty10               |
+-----------------------------------+
|              rem_addr             |
|         localhost address         |
+-----------------------------------+
  • The action field specifies the requested authentication action — 0x01 for TAC_PLUS_AUTHEN_LOGIN (authentication of a user login).
  • The priv_lvl field specifies the privilege level requested by the user — 0x01 for TAC_PLUS_PRIV_LVL_USER.
  • The authen_type field specifies the authentication methodology — 0x01 for TAC_PLUS_AUTHEN_TYPE_ASCII (simple login).
  • The service field specifies the requesting service — 0x01 for TAC_PLUS_AUTHEN_SVC_LOGIN (login service).
  • The user_len and data_len fields contain a value of 0, as required by the TACACS+ protocol.
  • The port_len and rem_addr_len fields contain the length, in octets, of the port and rem_addr fields.
  • The port field contains the name of the Oracle® Enterprise Session Border Controller port on which authentication is taking place. Following Cisco Systems convention, this field contains the string tty10.
  • The rem_addr field specifies the location of the user to be authenticated. This field contains the localhost address.

The TACACS+ daemon returns an authentication REPLY requesting the username.

+-----------------------------------+
|           Common Header           |
|     minor_version contains 0x0    |
|         type contains 0x1         |
+--------+--------+-----------------+
| status |  flags |  server_msg_len |
|  0x04  |        |        0        |
|--------+--------+-----------------+
|     data_len    |
|        0        |
+-----------------+
  • The status field specifies a daemon request — 0x04 for TAC_PLUS_AUTH_STATUS_GETUSER (get username).
  • The server_msg_len and data_len fields both contain a value of 0, as required by the TACACS+ protocol.

The Oracle® Enterprise Session Border Controller responds with an authentication CONTINUE packet.

+-----------------------------------+
|           Common Header           |
|     minor_version contains 0x0    |
|         type contains 0x1         |
+-----------------+-----------------+
|   user_msg_len  |     data_len    |
|                 |        0        |
|--------+--------+-----------------+
|  flags |       user_msg ...       |
+--------+--------------------------+
  • The user_msg_len field contains the length, in octets, of the user_msg field.
  • The data_len field contains a value of 0, as required by the TACACS+ protocol.
  • The user_msg field contains the username to be authenticated.

The TACACS+ daemon returns a second authentication REPLY requesting the user password.

+-----------------------------------+
|           Common Header           |
|     minor_version contains 0x0    |
|         type contains 0x1         |
+--------+--------+--------+--------+
| status |  flags |  server_msg_len |
|  0x05  |        |        0        |
|--------+--------+--------+--------+
|     data_len    |
|        0        |
+-----------------+
  • The status field specifies a daemon request — 0x05 for TAC_PLUS_AUTH_STATUS_GETPASS (get user password).
  • The server_msg_len and data_len fields both contain a value of 0, as required by the TACACS+ protocol.

The Oracle® Enterprise Session Border Controller responds with a second authentication CONTINUE packet.

+-----------------------------------+
|           Common Header           |
|     minor_version contains 0x0    |
|         type contains 0x1         |
+-----------------+-----------------+
|   user_msg_len  |     data_len    |
|                 |        0        |
|--------+--------+--------+--------+
|  flags |       user_msg ...       |
+--------+--------------------------+
  • The user_msg_len field contains the length, in octets, of the user_msg field.
  • The data_len field contains a value of 0, as required by the TACACS+ protocol.
  • The user_msg field contains the user password to be authenticated.
  • Other, optional fields are not used.

The TACACS+ daemon returns a third authentication REPLY reporting the authentication result, and terminating the authentication session.

+-----------------------------------+
|           Common Header           |
|     minor_version contains 0x0    |
|         type contains 0x1         |
+--------+--------+-----------------+
| status |  flags |  server_msg_len |
|  0x01  |        |        0        |
|--------+--------+-----------------+
|     data_len    |
|        0        |
+-----------------+
  • The status field specifies the authentication result — 0x01 for TAC_PLUS_AUTH_STATUS_PASS (authentication succeeds), or 0x02 for TAC_PLUS_AUTH_STATUS_FAIL (authentication fails).
  • The server_msg_len and data_len fields both contain a value of 0, as required by the TACACS+ protocol.
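
The packet bodies of the exchange above, as an added Python example (not Oracle's code): it builds the START and CONTINUE bodies, parses each REPLY with its length fields checked against the body size, and denies on any status other than PASS. The common header and body obfuscation are omitted; the function names, the sample address 127.0.0.1 and the sample credentials are assumptions of this example.

```python
import struct

# Field values as given in the packet descriptions above.
LOGIN = PRIV_USER = ASCII = SVC_LOGIN = 0x01
PASS, FAIL, GETUSER, GETPASS = 0x01, 0x02, 0x04, 0x05

def build_start(port: bytes, rem_addr: bytes) -> bytes:
    """START body: user_len and data_len are 0, so only port and rem_addr follow."""
    fixed = struct.pack("!8B", LOGIN, PRIV_USER, ASCII, SVC_LOGIN,
                        0, len(port), len(rem_addr), 0)
    return fixed + port + rem_addr

def parse_reply(body: bytes):
    """REPLY body -> (status, flags, server_msg, data); rejects bad lengths."""
    if len(body) < 6:
        raise ValueError("REPLY body shorter than its fixed fields")
    status, flags, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    if len(body) != 6 + msg_len + data_len:
        raise ValueError("length fields do not match body size")
    return status, flags, body[6:6 + msg_len], body[6 + msg_len:]

def build_continue(user_msg: bytes) -> bytes:
    """CONTINUE body: user_msg_len, data_len = 0, flags = 0, then user_msg."""
    return struct.pack("!HHB", len(user_msg), 0, 0) + user_msg

def client_step(reply_body: bytes, username: bytes, password: bytes):
    """Map one daemon REPLY to the client's next action in the ASCII login."""
    status, _flags, _msg, _data = parse_reply(reply_body)
    if status == GETUSER:
        return "continue", build_continue(username)
    if status == GETPASS:
        return "continue", build_continue(password)
    if status == PASS:
        return "pass", b""
    return "fail", b""  # FAIL or any unexpected status: deny

if __name__ == "__main__":
    # Constructed sample values; only tty10 comes from the page.
    print(build_start(b"tty10", b"127.0.0.1").hex())
    for status in (GETUSER, GETPASS, PASS):
        reply = struct.pack("!BBHH", status, 0, 0, 0)
        print(client_step(reply, b"admin", b"s3cret"))
```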