3.2.1.2 NTLM Software Interaction

During the inside_authentication state, the NNTP server invokes the NTLM software, as described in [MS-NLMP] section 3.2. The NTLM protocol is used with these options:

The following describes how NNTP uses NTLM. For more information, see [MS-NLMP] section 3.2.1, which describes the data model and sequencing of NTLM packets in greater detail:

  1. When the server receives the NTLM NEGOTIATE_MESSAGE, it passes the message to the NTLM software and, if the NTLM NEGOTIATE_MESSAGE was valid, receives the NTLM CHALLENGE_MESSAGE in return.

  2. Subsequently, the exchange of NTLM messages continues as defined by the NTLM Authentication Protocol. The NNTP server encapsulates the NTLM messages that are returned by NTLM before sending them to the client.

  3. When the NTLM Authentication Protocol completes authentication, either successfully or unsuccessfully, the NTLM software notifies NNTP.

    • Upon successful completion, the server MUST exit the inside_authentication state, enter the completed_authentication state, and send the NNTP_AUTH_NTLM_Succeeded_Response to the client. Upon receiving this message, the client MUST also transition to the completed_authentication state.

    • If a failure occurs because of an incorrect password error, as described in [MS-NLMP] sections 3.3.1 and 3.3.2, the server MUST enter the completed_authentication state and send the client an NNTP_AUTH_Fail_Response message.

    • If a failure occurs on the server for any reason other than an incorrect password error, the server enters the completed_authentication state and sends the client an NNTP_AUTH_Fail_Response message. Upon receiving this message, the client enters the completed_authentication state.
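
The server-side sequencing in steps 1 through 3 can be modelled as a small state machine. The following is an added example, not code from the specification or from any NNTP server. StubNtlm, the Ntlm outcome names, the ENCAPSULATED_NTLM_MESSAGE label and run_exchange are assumptions made for illustration, the wire encoding of encapsulated messages is not modelled, and treating an invalid NEGOTIATE_MESSAGE as an "other reason" failure is an assumption.

```python
from enum import Enum, auto

class State(Enum):
    INSIDE_AUTHENTICATION = auto()
    COMPLETED_AUTHENTICATION = auto()

class Ntlm(Enum):  # outcomes reported by the NTLM software (names are assumptions)
    CONTINUE = auto()
    SUCCESS = auto()
    BAD_PASSWORD = auto()
    OTHER_FAILURE = auto()

class StubNtlm:
    """Constructed stand-in for the NTLM software; real processing is in [MS-NLMP]."""
    def __init__(self, password_ok):
        self.password_ok, self.challenged = password_ok, False

    def step(self, msg):
        if not self.challenged:
            if msg != b"NEGOTIATE_MESSAGE":      # invalid first message
                return Ntlm.OTHER_FAILURE, b""
            self.challenged = True
            return Ntlm.CONTINUE, b"CHALLENGE_MESSAGE"
        if msg != b"AUTHENTICATE_MESSAGE":
            return Ntlm.OTHER_FAILURE, b""
        return (Ntlm.SUCCESS if self.password_ok else Ntlm.BAD_PASSWORD), b""

class NntpNtlmServer:
    def __init__(self, ntlm):
        self.ntlm = ntlm
        self.state = State.INSIDE_AUTHENTICATION
        self.authenticated = False   # kept apart from state: failure also "completes"

    def on_ntlm_message(self, msg):
        if self.state is not State.INSIDE_AUTHENTICATION:
            raise RuntimeError("NTLM message outside inside_authentication")
        outcome, reply = self.ntlm.step(msg)
        if outcome is Ntlm.CONTINUE:
            # Step 2: wrap what NTLM returned; wire encoding is not modelled here.
            return ("ENCAPSULATED_NTLM_MESSAGE", reply)
        self.state = State.COMPLETED_AUTHENTICATION  # step 3, success or failure
        if outcome is Ntlm.SUCCESS:
            self.authenticated = True
            return ("NNTP_AUTH_NTLM_Succeeded_Response", b"")
        # Bad password and every other failure produce the same response.
        return ("NNTP_AUTH_Fail_Response", b"")

def run_exchange(password_ok, messages):
    server = NntpNtlmServer(StubNtlm(password_ok))
    replies = [server.on_ntlm_message(m)[0] for m in messages]
    return replies, server.state, server.authenticated
```

Because both success and failure end in completed_authentication, the model keeps the authentication result in a separate flag; an implementation that authorizes on the state alone would admit failed logons.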