4.18.2.1. Authenticating clients

The proxy can authenticate the clients using passwords. GSS-API and other authentication methods supported by the SOCKSv5 protocol are not supported. The process of negotiating the authentication between the client and the Socks proxy is the following:

  1. The client sends the list of authentication methods is supports to the SOCKS server.

  2. The Socks proxy replies to the client on behalf of the SOCKS server, depending on the configuration of the Socks proxy:

    • If the client selected password-based authentication and the disable_auth_v5 option is set to FALSE and the require_auth_v5 is set to TRUE (which are the defaults), PNS replies that password authentication is supported.

    • If the require_auth_v5 is set to FALSE, and the client supports the none authentication method, the connection is accepted without authentication.

    • In other cases, the client receives an authentication error.

The Socks proxy supports inband authentication as well. For details on inband authentication, see Section 5.1.10, Class InbandAuthentication.