Export (0) Print
Expand All

4.1 POP3 Client Successfully Authenticating to a POP3 Server

This section illustrates the NTLM POP3 Extension with a scenario in which a POP3 client successfully authenticates to a POP3 server by using NTLM. The following figure shows a POP3 client authenticating to a POP3 server.

Ee157679.01732832-926d-423a-9795-b134d81e0580(en-us,EXCHG.80).jpg

Figure 4: POP3 client successfully authenticating to POP3 server

  1. The client sends a POP3_AUTH_NTLM_Initiation_Command command to the server. This command is described in [RFC1734] and does not carry any POP3-specific data. It is included in this example to provide a better understanding of the POP3 NTLM initiation command. The POP3 message is as follows:

    AUTH NTLM
  2. The server sends the POP3_NTLM_Supported_Response message, which indicates that it can perform NTLM authentication. The POP3 message is as follows:

    + 
  3. The client sends a POP3_AUTH_NTLM_Blob_Command command that contains a base64 encoded NTLM NEGOTIATE_MESSAGE message (as described in [MS-NLMP]).

The POP3 message is as follows:

TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==The original NTLM message is as follows:

00000000:4e 54 4c 4d 53 53 50 00 01 00 00 00 07 82 08 a2     NTLMSSP......‚.¢
00000010:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     ................
00000020:05 01 28 0a 00 00 00 0f ..(.....
  • The server sends a POP3_AUTH_NTLM_Blob_Response message that contains a base64 encoded NTLM CHALLENGE_MESSAGE message (as described in [MS-NLMP]).

The POP3 message is as follows:

+ TlRMTVNTUAACAAAAFAAUADgAAAAFgoqinziKqGYjdlEAAAAAAAAAAGQAZABMAAAABQ
LODgAAAA9UAEUAUwBUAFMARQBSAFYARQBSAAIAFABUAEUAUwBUAFMARQBSAFYARQBSAA
EAFABUAEUAUwBUAFMARQBSAFYARQBSAAQAFABUAGUAcwB0AFMAZQByAHYAZQByAAMAFA
BUAGUAcwB0AFMAZQByAHYAZQByAAAAAAA=

The NTLM message is as follows:

00000000:4e 54 4c 4d 53 53 50 00 02 00 00 00 14 00 14 00     NTLMSSP.........
00000010:38 00 00 00 05 82 8a a2 9f 38 8a a8 66 23 76 51     8....‚Š¢Ÿ8Š¨f#vQ
00000020:00 00 00 00 00 00 00 00 64 00 64 00 4c 00 00 00     ........d.d.L...
00000030:05 02 ce 0e 00 00 00 0f 54 00 45 00 53 00 54 00     ..Î.....T.E.S.T.
00000040:53 00 45 00 52 00 56 00 45 00 52 00 02 00 14 00     S.E.R.V.E.R.....
00000050:54 00 45 00 53 00 54 00 53 00 45 00 52 00 56 00     T.E.S.T.S.E.R.V.
00000060:45 00 52 00 01 00 14 00 54 00 45 00 53 00 54 00     E.R.....T.E.S.T.
00000070:53 00 45 00 52 00 56 00 45 00 52 00 04 00 14 00     S.E.R.V.E.R.....
00000080:54 00 65 00 73 00 74 00 53 00 65 00 72 00 76 00     T.e.s.t.S.e.r.v.
00000090:65 00 72 00 03 00 14 00 54 00 65 00 73 00 74 00     e.r.....T.e.s.t.
000000a0:53 00 65 00 72 00 76 00 65 00 72 00 00 00 00 00     S.e.r.v.e.r....
  • The client sends a POP3_AUTH_NTLM_Blob_Command message that contains a base64 encoded NTLM AUTHENTICATE_MESSAGE message (as described in [MS-NLMP]).

The POP3 message is as follows:

TlRMTVNTUAADAAAAGAAYAGIAAAAYABgAegAAAAAAAABIAAAACAAIAEgAAAASABIAUAAA
AAAAAACSAAAABYKIogUBKAoAAAAPdQBzAGUAcgBOAEYALQBDAEwASQBFAE4AVABKMiQ4
djhcSgAAAAAAAAAAAAAAAAAAAAC7zUSgB0Auy98bRi6h3mwHMJfbKNtxmmo=

The NTLM message is as follows:

00000000:4e 54 4c 4d 53 53 50 00 03 00 00 00 18 00 18 00     NTLMSSP…......
00000010:62 00 00 00 18 00 18 00 7a 00 00 00 00 00 00 00     b…....z…....
00000020:48 00 00 00 08 00 08 00 48 00 00 00 12 00 12 00     H…....H…....
00000030:50 00 00 00 00 00 00 00 92 00 00 00 05 82 88 a2     P…....'….‚ˆ¢
00000040:05 01 28 0a 00 00 00 0f 75 00 73 00 65 00 72 00     ..(…..u.s.e.r.
00000050:4e 00 46 00 2d 00 43 00 4c 00 49 00 45 00 4e 00     N.F.-.C.L.I.E.N.
00000060:54 00 4a 32 24 38 76 38 5c 4a 00 00 00 00 00 00     T.J2$8v8\J…...
00000070:00 00 00 00 00 00 00 00 00 00 bb cd 44 a0 07 40     ….......»ÍD .@
00000080:2e cb df 1b 46 2e a1 de 6c 07 30 97 db 28 db 71     .Ëß.F.¡Þl.0—Û(Ûq
00000090:9a 6a šj
  • The server sends a POP3_AUTH_NTLM_Succeeded_Response message. The POP3 message is as follow:

    +OK User successfully logged on
Show:
© 2014 Microsoft