Once the SOCKS V5 server has started, and the client has selected the
Username/Password Authentication protocol, the Username/Password
subnegotiation begins. This begins with the client producing a
Username/Password request:
The VER field contains the current version of the subnegotiation,
which is X'01'. The ULEN field contains the length of the UNAME field
that follows. The UNAME field contains the username as known to the
source operating system. The PLEN field contains the length of the
PASSWD field that follows. The PASSWD field contains the password
association with the given UNAME.
The server verifies the supplied UNAME and PASSWD, and sends the
following response:
ynyn(风林火山),我的QQ是14554393,如果方便的话我想和进一步交流一下! :)
------------------------------------------------------------------------
wingate中我是这样设置的(注意,我是单机调试):
1.在socks代理服务器子目中勾上"Use RFC1929(clear text) authentication for .."
2.Asuumed Users中任何地址/主机名都不绑定任何用户。(也就是说里边是空)
3.System Policies中所有用户(Everyone)均为"User must be authentic"(必须验证)
4.在socks代理服务器中的Policies中Add入两个用户--"Administrator"以及"enter"(自定义的一个用户名),均为"user mey be unknown"。
5.调试时,我传入"Administrator"/任何口令(注意),反馈的都是通过验证(01 00)
如果我传入"enter"/设置过的口令(符合wingate用户数据库),反馈的却是验证失败(05 02)
附:如果在System Policies中所有用户(Everyone)均为"user mey be unknown"的话,那socks代理服务器就不会验证用户身份了。可这与wingate help所说的不符阿,
1.
Some SOCKS5 clients can use 慠FC1929?(an Internet 憇tandard? authentication. This uses a username and password transmitted as clear text. When a user connects to WinGate, WinGate evaluates the client抯 current level of authentication (Unknown, Assumed or Authenticated), depending on what it already knows about the client. If the user is unknown, and you have the option "Use RFC1929?" enabled, then WinGate will require the user to use this method to raise it抯 security level to Assumed. Otherwise, the client will not be required to use this method. There is a special case here. If a user is assumed to be someone that has no rights to use the SOCKS server, then WinGate will still allow the user to authenticate (using RFC1929). Provided that the user then authenticates as someone with rights to use the SOCKS server, then they will be granted access.
RFC1929 is not very secure, and we recommend that you do not use this method if you are authenticating across an untrusted network, such as the Internet. Because this method is not secure, a user that has used this method will raise their security level only to assumed, not authenticated.
2.
Use RFC1929 Authentication
This option is available for those who have secondary SOCKS authentication servers. Name and Password are taken from the user database. If you use this option, a Guest user will have their authentication level increased to 慳ssumed?while a session is authenticated with this method.
This option is not recommended, as passwords are sent as 'plaintext'.
3.
SOCKS Server
The WinGate SOCKS server is SOCKS 4 and SOCKS 5 (RFC 1928) compliant. It supports RFC1929 authentication using the user accounts in the WinGate User Database. The WinGate SOCKS server is HTTP-aware. It can intercept HTTP requests, and handle them with the built-in WinGate WWW proxy. This means that even your SOCKS users will enjoy the benefits of the WWW proxy (e.g. caching), and can be subject to the same security policies.