To interoperate with older software that may not support authentication, the software provides a “default account” mechanism. When an incoming connection does not provide any authentication information, the server substitutes <DEFAULT> for both the username and the password. After that substitution, the <DEFAULT>/<DEFAULT> authentication information is validated in exactly the same way as any other username/password combination.
An incoming connection that explicitly specifies <DEFAULT>/<DEFAULT> is permitted. It is treated in exactly the same way as a connection that supplied no authentication information.
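The following sketch models the behaviour described above. It is an added example, not code from the product itself. It shows that because <DEFAULT>/<DEFAULT> goes through normal validation, a connection without credentials succeeds only when a matching <DEFAULT> account exists. `AccountStore`, `authenticate` and `anonymous_access_enabled` are hypothetical names, and the PBKDF2 credential store is an assumption.

```python
import hashlib
import hmac
import os

DEFAULT = "<DEFAULT>"  # placeholder literal taken from the text above


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AccountStore:
    """Hypothetical credential store: username -> (salt, password hash)."""

    def __init__(self):
        self._accounts = {}

    def add(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._accounts[username] = (salt, _hash(password, salt))

    def remove(self, username: str) -> None:
        self._accounts.pop(username, None)

    def validate(self, username: str, password: str) -> bool:
        # One code path for every account, <DEFAULT> included.
        # Unknown users get a dummy salt and an empty hash that never matches.
        salt, stored = self._accounts.get(username, (b"\0" * 16, b""))
        return hmac.compare_digest(_hash(password, salt), stored)


def authenticate(store, username=None, password=None) -> bool:
    # Assumption: substitution applies only when BOTH fields are absent,
    # i.e. the connection supplied no authentication information at all.
    if username is None and password is None:
        username, password = DEFAULT, DEFAULT
    if username is None or password is None:
        return False  # partial credentials are rejected in this sketch
    return store.validate(username, password)


def anonymous_access_enabled(store) -> bool:
    """Audit check: would a connection with no credentials be accepted?"""
    return authenticate(store)
```

Running `anonymous_access_enabled` against the account configuration is a quick way to confirm whether unauthenticated connections are currently accepted.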