Authentication

Top  Previous  Next

 

Certain commands, when sent through the network, require authentication. To authenticate itself the network host must provide a password, that matches the one defined by the Password (PW) setting.

 

From the authentication standpoint, all commands can be divided into three groups:

 

Commands that do not require authentication. These commands can be sent at any time and by any network host.

 

Commands with immediate authentication. In these commands the password is supplied in the command body itself and authenticates this particular command. For some of these commands authentication is optional.

 

Commands that require prior login. These commands are only accepted after the network host has logged in using the Login (L) command. Login is performed once and is said to open a programming session.

 

The DS memorizes the source IP-address from which the Login (L) command is sent as well as the mode in which it is sent: out-of-band, inband, etc. Programming session must continue from the same IP-address and using the same way of command delivery. So, if the session was opened using out-of-band Login (L) command and the network host sends inband Set Setting (S) command (this command requires prior login) then this command is not considered to be a part of the opened programming session and is rejected.

 

Programming sessions are ended either by switching the DS off or using Logout (O) or Reboot (E) commands. There is also a two-minute programming session timeout: if no command (that requires prior login) is issued for two minutes the session is ended automatically. Inband, command-phase, and telnet-mode programming sessions are also closed when their TCP connection is closed.

 

The DS makes sure that only one programming session is opened at any given time- see programming priorities for details.

 

Command table at commands, messages, and replies details which commands require authentication (see 'L' and 'I' columns).

 

Sending Login (L) command to open a programming session is required even when the DS is running in the error mode but sending login password in this case is not necessary.