3.2.1.1 IMAP4 NTLM Extension State Model
The following figure shows the server IMAP4 NTLM extension state model.
Figure 2: Server IMAP4 NTLM state model
The abstract data model for the IMAP4 NTLM extension has the following states:
Start: State of the server before the IMAP4_AUTHENTICATE_NTLM_Initiation_Command message has been received.
received_authentication_request: State of the server after the IMAP4_AUTHENTICATE_NTLM_Initiation_Command message has been received.
inside_authentication: State entered by a server after it has sent an IMAP4_AUTHENTICATE_NTLM_Supported_Response message. In this state, the server initializes the NTLM subsystem and performs the following steps:
Waits for a message from the client.
De-encapsulates the received IMAP4_AUTHENTICATE_NTLM_Blob_Command message from the client and obtains the embedded NTLM message data.
Passes the NTLM message data to the NTLM subsystem.
Encapsulates the NTLM message returned by the NTLM subsystem into an IMAP4_AUTHENTICATE_NTLM_Blob_Response message.
Sends the IMAP4_AUTHENTICATE_NTLM_Blob_Response message to the client.
This state terminates when one of the following occurs:
The NTLM subsystem reports completion with either a success or failed authentication status, upon which the server sends the client an IMAP4_AUTHENTICATE_NTLM_Succeeded_Response message or an IMAP4_AUTHENTICATE_NTLM_Fail_Response message, as specified in [RFC1731].
The server receives an IMAP4_AUTHENTICATE_NTLM_Cancellation_Command message.
Any failure is reported by the NTLM subsystem, upon which the server sends the client an IMAP4_AUTHENTICATE_NTLM_Fail_Response message.
completed_authentication: State of the server on exiting the inside_authentication or the received_authentication_request state. The rules for exiting the inside_authentication state are defined in section 3.2.5.1.2.2, section 3.2.5.1.2.3, section 3.2.5.1.2.4, and section 3.2.5.1.3. The behavior of IMAP4 in this state is outside the scope of this protocol.