3.2.4 Higher-Layer Triggered Events

When the server receives a POP3_AUTH_NTLM_Blob_Command command that contains an NTLM NEGOTIATE_MESSAGE message (as specified in [MS-NLMP]), the message is passed to the NTLM system. If the NTLM system is successful in handling the message, the NTLM system returns an NTLM CHALLENGE_MESSAGE message (as specified in [MS-NLMP]). The NTLM system triggers the server to send a POP3_AUTH_NTLM_Blob_Response message that contains the NTLM CHALLENGE_MESSAGE message.

When the server receives a POP3_AUTH_NTLM_Blob_Command command that contains an NTLM AUTHENTICATE_MESSAGE message (as specified in [MS-NLMP]), the message is passed to the NTLM system. If the NTLM system is successful in handling the message, the NTLM system returns a confirmation that the client successfully logged on. The successful NTLM system logon triggers the server to send a POP3_Authentication_Succeeded_Response message. The server state is then changed to the completed_authentication state.

When the server receives a POP3_AUTH_NTLM_ Blob_Command command that contains an NTLM AUTHENTICATE_MESSAGE message, the message is passed to the NTLM system. If the NTLM system handles the NTLM AUTHENTICATE_MESSAGE message and the message has an incorrect user name or password, the NTLM system MUST terminate authentication. The NTLM system informs the server that authentication has been stopped, which triggers the server to send a POP3_AUTH_Failed_Response message to the client. The server state is then changed to the completed_authentication state.

If the NTLM system returns any failure status, the failure status MUST trigger the server to send a POP3_AUTH_Failed_Response message to the client.