The Remote Login Authentication Protocol is an authentication protocol used to authenticate a user over the network using a text file as a database, primarily the password database of a Unix system (however, it can be used as a wrapper around other file types and protocols (such as SQL)). This protocol communicates using a server/client paradigm: The client sends login credentials that are yet to be authenticated, and the server authenticates whatever credentials it receives.
A valid RLAP packet always start with RLAP followed by the role of the
system (SERVER or CLIENT) and the version number of the protocol
(1.0 at this time). This would be the header of the packet.
After the header, the packet would contain any of the following: a protocol command or a data stream.
Protocol commands are commands that are used in RLAP to control the start and end of a connection or a data stream. Here is a list of valid commands in RLAP:
RLAP_STARTCONNRLAP_ENDCONNRLAP_STARTLISTRLAP_ENDLIST
A data stream is a block of data sent by either the server or the client. Its contents depend on which system sent it (server or client). A client would send a data stream containing login credentials to the server, and the server would send a data stream containing authentication results back to the client.
Here's an example:
(Client):
RLAP_STARTLIST USER nano PLAINPASS system USER pocket HASHPASS bupDvZGBBMoBY ... (more entries) RLAP_ENDLIST
(Server):
RLAP_STARTLIST ENTRY 1 USER YES PASS NO ENTRY 2 USER NO ENTRY 3 USER YES PASS YES ... (more entries) RLAP_ENDLIST
(Client):
RLAP CLIENT 1.0 RLAP_STARTCONN RLAP_STARTLIST USER pocketlinux32 PLAINPASS password RLAP_ENDLIST
(Server):
RLAP SERVER 1.0 RLAP_STARTCONN RLAP_STARTLIST ENTRY 1 USER YES PASS YES RLAP_ENDLIST RLAP_ENDCONN