RFC 927 (rfc927) - Page 2 of 4
TACACS user identification Telnet option
Alternative Format: Original Text Document
RFC 927 December 1984 TUID Telnet Option IAC DON'T TUID The sender (the TELNET server) refuses to accept the recipient's (the TELNET user) authentication of the user. IAC SB TUIDIAC SE The sender (the TELNET user) sends the UUID of the user on whose behalf the connection is established to the host to which he is connected. The is a 32 bit binary number. 3. Default WON'T TUID A TELNET user host (the initiator of a TELNET connection) not implementing or using the TUID option will reply WON'T TUID to a DO TUID. DON'T TUID A TELNET server host (the recipient of a TELNET connection) not implementing or using the TUID option reply DON'T TUID to a WILL TUID. 4. Motivation for the Option Under TACACS (the TAC Access Control System) a user must be authenticated (give a correct name/password pair) to a TAC before he can connect to a host via the TAC. To avoid a second authentication by the target host, the TAC can pass along the user's proven identity (his UUID) to the that host. Hosts may accept the TAC's authentication of the user or not, at their option. The same option can be used between any pair of cooperating hosts for the purpose of double login avoidance. 5. Description for the Option At the time that a host establishes a TELNET connection for a user to another host, if the latter supports the TUID option and wants to receive the user's UUID, it sends an IAC DO TUID to the the user's host. If the user's host supports the TUID option and wants to authenticate the user by sending the user's UUID, it responds IAC WILL TUID; otherwise it responds with IAC WON'T TUID. If both the user and server TELNETs agree, the user TELNET will then send the UUID to the server TELNET by sub-negotiation. Anderson
