4.1 POP3 Client Successfully Authenticating to a POP3 Server
This section illustrates the NTLM POP3 Extension with a scenario in which a POP3 client successfully authenticates to a POP3 server by using NTLM. The following figure shows a POP3 client authenticating to a POP3 server.
Figure 4: POP3 client successfully authenticating to POP3 server
The client sends a POP3_AUTH_NTLM_Initiation_Command command to the server. This command is described in [RFC1734] and does not carry any POP3-specific data. It is included in this example to provide a better understanding of the POP3 NTLM initiation command. The POP3 message is as follows:
AUTH NTLM
The server sends the POP3_NTLM_Supported_Response message, which indicates that it can perform NTLM authentication. The POP3 message is as follows:
+
The client sends a POP3_AUTH_NTLM_Blob_Command command that contains a base64 encoded NTLM NEGOTIATE_MESSAGE message (as described in [MS-NLMP]).
The POP3 message is as follows:
TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
The original NTLM message is as follows:
00000000:4e 54 4c 4d 53 53 50 00 01 00 00 00 07 82 08 a2 NTLMSSP......‚.¢
00000010:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000020:05 01 28 0a 00 00 00 0f ..(.....
The server sends a POP3_AUTH_NTLM_Blob_Response message that contains a base64 encoded NTLM CHALLENGE_MESSAGE message (as described in [MS-NLMP]).
The POP3 message is as follows:
+ TlRMTVNTUAACAAAAFAAUADgAAAAFgoqinziKqGYjdlEAAAAAAAAAAGQAZABMAAAABQLODgAAAA9UAEUAUwBUAFMARQBSAFYARQBSAAIAFABUAEUAUwBUAFMARQBSAFYARQBSAAEAFABUAEUAUwBUAFMARQBSAFYARQBSAAQAFABUAGUAcwB0AFMAZQByAHYAZQByAAMAFABUAGUAcwB0AFMAZQByAHYAZQByAAAAAAA=
The NTLM message is as follows:
00000000:4e 54 4c 4d 53 53 50 00 02 00 00 00 14 00 14 00 NTLMSSP.........
00000010:38 00 00 00 05 82 8a a2 9f 38 8a a8 66 23 76 51 8....‚Š¢Ÿ8Š¨f#vQ
00000020:00 00 00 00 00 00 00 00 64 00 64 00 4c 00 00 00 ........d.d.L...
00000030:05 02 ce 0e 00 00 00 0f 54 00 45 00 53 00 54 00 ..Î.....T.E.S.T.
00000040:53 00 45 00 52 00 56 00 45 00 52 00 02 00 14 00 S.E.R.V.E.R.....
00000050:54 00 45 00 53 00 54 00 53 00 45 00 52 00 56 00 T.E.S.T.S.E.R.V.
00000060:45 00 52 00 01 00 14 00 54 00 45 00 53 00 54 00 E.R.....T.E.S.T.
00000070:53 00 45 00 52 00 56 00 45 00 52 00 04 00 14 00 S.E.R.V.E.R.....
00000080:54 00 65 00 73 00 74 00 53 00 65 00 72 00 76 00 T.e.s.t.S.e.r.v.
00000090:65 00 72 00 03 00 14 00 54 00 65 00 73 00 74 00 e.r.....T.e.s.t.
000000a0:53 00 65 00 72 00 76 00 65 00 72 00 00 00 00 00 S.e.r.v.e.r.....
The client sends a POP3_AUTH_NTLM_Blob_Command message that contains a base64 encoded NTLM AUTHENTICATE_MESSAGE message (as described in [MS-NLMP]).
The POP3 message is as follows:
TlRMTVNTUAADAAAAGAAYAGIAAAAYABgAegAAAAAAAABIAAAACAAIAEgAAAASABIAUAAAAAAAAACSAAAABYKIogUBKAoAAAAPdQBzAGUAcgBOAEYALQBDAEwASQBFAE4AVABKMiQ4djhcSgAAAAAAAAAAAAAAAAAAAAC7zUSgB0Auy98bRi6h3mwHMJfbKNtxmmo=
The NTLM message is as follows:
00000000:4e 54 4c 4d 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP.........
00000010:62 00 00 00 18 00 18 00 7a 00 00 00 00 00 00 00 b.......z.......
00000020:48 00 00 00 08 00 08 00 48 00 00 00 12 00 12 00 H.......H.......
00000030:50 00 00 00 00 00 00 00 92 00 00 00 05 82 88 a2 P.......'....‚ˆ¢
00000040:05 01 28 0a 00 00 00 0f 75 00 73 00 65 00 72 00 ..(.....u.s.e.r.
00000050:4e 00 46 00 2d 00 43 00 4c 00 49 00 45 00 4e 00 N.F.-.C.L.I.E.N.
00000060:54 00 4a 32 24 38 76 38 5c 4a 00 00 00 00 00 00 T.J2$8v8\J......
00000070:00 00 00 00 00 00 00 00 00 00 bb cd 44 a0 07 40 ..........»ÍD .@
00000080:2e cb df 1b 46 2e a1 de 6c 07 30 97 db 28 db 71 .Ëß.F.¡Þl.0—Û(Ûq
00000090:9a 6a šj
The server sends a POP3_AUTH_NTLM_Succeeded_Response message. The POP3 message is as follows:
+OK User successfully logged on
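The NTLM messages in this exchange are only base64 encoded, so the server name, user name, and workstation name can be read back from a capture of the POP3 session. The following Python code is an added example and is not part of the original specification: it decodes the CHALLENGE_MESSAGE and AUTHENTICATE_MESSAGE blobs shown above. The function names are hypothetical, the field offsets follow the hex dumps above and [MS-NLMP], and strings are assumed to be UTF-16LE.

```python
import base64
import struct

# Base64 blobs copied from the POP3 messages above, with line wrapping removed.
CHALLENGE_LINE = (
    "+ TlRMTVNTUAACAAAAFAAUADgAAAAFgoqinziKqGYjdlEAAAAAAAAAAGQAZABMAAAABQ"
    "LODgAAAA9UAEUAUwBUAFMARQBSAFYARQBSAAIAFABUAEUAUwBUAFMARQBSAFYARQBSAA"
    "EAFABUAEUAUwBUAFMARQBSAFYARQBSAAQAFABUAGUAcwB0AFMAZQByAHYAZQByAAMAFA"
    "BUAGUAcwB0AFMAZQByAHYAZQByAAAAAAA=")
AUTHENTICATE_LINE = (
    "TlRMTVNTUAADAAAAGAAYAGIAAAAYABgAegAAAAAAAABIAAAACAAIAEgAAAASABIAUAAA"
    "AAAAAACSAAAABYKIogUBKAoAAAAPdQBzAGUAcgBOAEYALQBDAEwASQBFAE4AVABKMiQ4"
    "djhcSgAAAAAAAAAAAAAAAAAAAAC7zUSgB0Auy98bRi6h3mwHMJfbKNtxmmo=")


def _payload(msg, pos):
    # [MS-NLMP] field descriptor: Len (2 bytes), MaxLen (2), BufferOffset (4).
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field descriptor points past the end of the message")
    # Assumption: NTLMSSP_NEGOTIATE_UNICODE is set (true for both blobs here).
    return msg[offset:offset + length].decode("utf-16-le")


def parse_pop3_ntlm(line):
    """Decode one line of the AUTH NTLM exchange (hypothetical helper)."""
    text = line.strip()
    if text.startswith("+"):          # server responses are prefixed with "+ "
        text = text[1:].strip()
    msg = base64.b64decode(text, validate=True)
    if len(msg) < 12 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    (mtype,) = struct.unpack_from("<I", msg, 8)
    if mtype == 2:                    # CHALLENGE_MESSAGE
        return {"type": 2, "target": _payload(msg, 12),
                "flags": struct.unpack_from("<I", msg, 20)[0],
                "server_challenge": msg[24:32].hex()}
    if mtype == 3:                    # AUTHENTICATE_MESSAGE
        return {"type": 3, "domain": _payload(msg, 28),
                "user": _payload(msg, 36), "workstation": _payload(msg, 44),
                "flags": struct.unpack_from("<I", msg, 60)[0]}
    return {"type": mtype}            # NEGOTIATE_MESSAGE or unknown type


if __name__ == "__main__":
    for line in (CHALLENGE_LINE, AUTHENTICATE_LINE):
        print(parse_pop3_ntlm(line))
```

Lines that are not NTLM blobs, such as the final +OK response, raise ValueError and are not parsed.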