1.1 Glossary

This document uses the following terms:

connection-oriented NTLM: A particular variant of NTLM designed to be used with connection-oriented remote procedure call (RPC), as described in [MS-NLMP].

IS command: A Telnet Authentication Option command used to send authentication information (as specified in [RFC2941]). The structure of the IS command, as specified in [RFC2941] section 2, is: IAC SB AUTHENTICATION IS authentication-type-pair <auth data> IAC SE.

little-endian: Multiple-byte values that are byte-ordered with the least significant byte stored in the memory location with the lowest address.

NT LAN Manager (NTLM) Authentication Protocol: A protocol using a challenge-response mechanism for authentication in which clients are able to verify their identities without sending a password to the server. It consists of three messages, commonly referred to as Type 1 (negotiation), Type 2 (challenge) and Type 3 (authentication).

NTLM AUTHENTICATE_MESSAGE: The NTLM AUTHENTICATE_MESSAGE packet defines an NTLM authenticate message that is sent from the client to the server after the NTLM CHALLENGE_MESSAGE is processed by the client. Message structure and other details of this packet are specified in [MS-NLMP].

NTLM CHALLENGE_MESSAGE: The NTLM CHALLENGE_MESSAGE packet defines an NTLM challenge message that is sent from the server to the client. NTLM CHALLENGE_MESSAGE is generated by the local NTLM software and passed to the application that supports embedded NTLM authentication. This message is used by the server to challenge the client to prove its identity. Message structure and other details of this packet are specified in [MS-NLMP].

NTLM message: A message that carries authentication information. Its payload data is passed to the application that supports embedded NTLM authentication by the NTLM software installed on the local computer. NTLM messages are transmitted between the client and server embedded within the application protocol that is using NTLM authentication. There are three types of NTLM messages: NTLM NEGOTIATE_MESSAGE, NTLM CHALLENGE_MESSAGE, and NTLM AUTHENTICATE_MESSAGE.

NTLM NEGOTIATE_MESSAGE: The NEGOTIATE_MESSAGE packet defines an NTLM negotiate message that is sent from the client to the server. The NTLM NEGOTIATE_MESSAGE is generated by the local NTLM software and passed to the application that supports embedded NTLM authentication. This message allows the client to specify its supported NTLM options to the server. Message structure and other details are specified in [MS-NLMP].

NTLM software: Software that implements the NT LAN Manager (NTLM) Authentication Protocol.

REPLY command: A Telnet Authentication Option (as specified in [RFC2941]) message used to send replies to the IS command. The structure of this command, as specified in [RFC2941] section 2, is: IAC SB AUTHENTICATION REPLY authentication-type-pair <auth data> IAC SE.

SEND command: A Telnet Authentication Option (as specified in [RFC2941]) command used to request authentication information. The structure of this command, as specified in [RFC2941] section 2, is: IAC SB AUTHENTICATION SEND authentication-type-pair-list IAC SE.

MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as defined in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.
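
The IS, REPLY, and SEND command structures defined above can be recognized in a captured Telnet byte stream with a short parser. The following is an added example, not part of this specification; the function name, the sample capture, and the 0x0F/0x00 type pair are constructed for illustration, and the numeric byte values are those assigned in RFC 854 and RFC 2941.

```python
# Byte values: IAC, SB, SE from RFC 854; option and command codes from RFC 2941.
IAC, SB, SE = 255, 250, 240
AUTHENTICATION = 37
COMMANDS = {0: "IS", 1: "SEND", 2: "REPLY"}

def parse_auth_frames(stream: bytes):
    """Return (command, type_pairs, auth_data) for every complete
    IAC SB AUTHENTICATION ... IAC SE frame in a captured Telnet byte stream."""
    frames, i = [], 0
    while i < len(stream) - 2:
        if stream[i] != IAC:
            i += 1
            continue
        if stream[i + 1] != SB or stream[i + 2] != AUTHENTICATION:
            i += 2          # IAC IAC (escaped 0xFF) or another Telnet command
            continue
        body, j, closed = bytearray(), i + 3, False
        while j < len(stream):
            if stream[j] != IAC:
                body.append(stream[j])
                j += 1
            elif j + 1 < len(stream) and stream[j + 1] == IAC:
                body.append(IAC)     # IAC IAC inside the frame is one 0xFF data byte
                j += 2
            else:
                closed = j + 1 < len(stream) and stream[j + 1] == SE
                j += 2
                break
        i = j
        if not closed or not body or body[0] not in COMMANDS:
            continue                 # truncated or malformed frame: report nothing
        command, rest = COMMANDS[body[0]], bytes(body[1:])
        if command == "SEND":        # SEND carries a list of (type, modifier) pairs
            pairs = [(rest[k], rest[k + 1]) for k in range(0, len(rest) - 1, 2)]
            frames.append((command, pairs, b""))
        elif len(rest) >= 2:         # IS / REPLY: one pair, then <auth data>
            frames.append((command, [(rest[0], rest[1])], rest[2:]))
    return frames

# Constructed sample capture; 0x0F/0x00 is a placeholder authentication-type-pair.
PAIR = bytes([0x0F, 0x00])
def frame(cmd, payload):
    return bytes([IAC, SB, AUTHENTICATION, cmd]) + payload + bytes([IAC, SE])
SAMPLE = (b"login: " + bytes([IAC, 253, AUTHENTICATION])
          + frame(1, PAIR)
          + frame(0, PAIR + b"\x01\xff\xff\x02")
          + frame(2, PAIR + b"ok")
          + bytes([IAC, SB, AUTHENTICATION, 0, 0x0F]))   # truncated, no IAC SE

if __name__ == "__main__":
    for f in parse_auth_frames(SAMPLE):
        print(f)
```

The <auth data> of the IS and REPLY frames is where the NTLM messages defined in this glossary are carried; decoding them is specified in [MS-NLMP] and is outside this example.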