Export (0) Print
Expand All

4.2 POP3 Client Unsuccessfully Authenticating to a POP3 Server

This section illustrates the NTLM POP3 Extension with a scenario in which a POP3 client tries NTLM authentication to a POP3 server and the authentication fails. The following figure shows the unsuccessful attempt to authenticate to the POP3 server.

Ee218140.a2233d94-e667-4397-a57b-655477767ee2(en-us,EXCHG.80).jpg

Figure 5: Client unsuccessfully authenticating to POP3 server

  1. The client sends a POP3_AUTH_NTLM_Initiation_Command command to the server. This command is described in [RFC1734] and does not carry any POP3-specific data. It is included in this example to provide a better understanding of the POP3 NTLM initiation command. The POP3 message is as follows:

    AUTH NTLM
  2. The server sends the POP3_NTLM_Supported_Response message, which indicates that it can perform NTLM authentication. The POP3 message is as follows:

    +
  3. The client sends a POP3_AUTH_NTLM_Blob_Command command that contains a base64 encoding NTLM NEGOTIATE_MESSAGE message (as described in [MS-NLMP]).

The POP3 message is as follows:

TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==

The NTLM message is as follows:

00000000:4e 54 4c 4d 53 53 50 00 01 00 00 00 07 82 08 a2     NTLMSSP......‚.¢
00000010:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     ................
00000020:05 01 28 0a 00 00 00 0f ..(.....
  • The server sends a POP3_AUTH_NTLM_Blob_Response message that contains a base64 encoded NTLM CHALLENGE_MESSAGE message (as described in [MS-NLMP]).

The POP3 message is as follows:

+ TlRMTVNTUAACAAAAFAAUADgAAAAFgoqieUWd5ES4Bi0AAAAAAAAAAGQAZABMAA
AABQLODgAAAA9UAEUAUwBUAFMARQBSAFYARQBSAAIAFABUAEUAUwBUAFMARQBSAF
YARQBSAAEAFABUAEUAUwBUAFMARQBSAFYARQBSAAQAFABUAGUAcwB0AFMAZQByAH
YAZQByAAMAFABUAGUAcwB0AFMAZQByAHYAZQByAAAAAAA=

The NTLM message is as follows:

00000000:4e 54 4c 4d 53 53 50 00 02 00 00 00 14 00 14 00     NTLMSSP.........
00000010:38 00 00 00 05 82 8a a2 79 45 9d e4 44 b8 06 2d     8....‚Š¢yE•äD¸.-
00000020:00 00 00 00 00 00 00 00 64 00 64 00 4c 00 00 00     ........d.d.L...
00000030:05 02 ce 0e 00 00 00 0f 54 00 45 00 53 00 54 00     ..Î.....T.E.S.T.
00000040:53 00 45 00 52 00 56 00 45 00 52 00 02 00 14 00     S.E.R.V.E.R.....
00000050:54 00 45 00 53 00 54 00 53 00 45 00 52 00 56 00     T.E.S.T.S.E.R.V.
00000060:45 00 52 00 01 00 14 00 54 00 45 00 53 00 54 00     E.R.....T.E.S.T.
00000070:53 00 45 00 52 00 56 00 45 00 52 00 04 00 14 00     S.E.R.V.E.R.....
00000080:54 00 65 00 73 00 74 00 53 00 65 00 72 00 76 00     T.e.s.t.S.e.r.v.
00000090:65 00 72 00 03 00 14 00 54 00 65 00 73 00 74 00     e.r.....T.e.s.t.
000000a0:53 00 65 00 72 00 76 00 65 00 72 00 00 00 00 00     S.e.r.v.e.r.....
  • The client sends a POP3_AUTH_NTLM_Blob_Command command that contains a base64 encoded NTLM AUTHENTICATE_MESSAGE message (as described in [MS-NLMP]).

The POP3 message is as follows:

TlRMTVNTUAADAAAAGAAYAGIAAAAYABgAegAAAAAAAABIAAAACAAIAEgAAAASABIA
UAAAAAAAAACSAAAABYKIogUBKAoAAAAPdQBzAGUAcgBOAEYALQBDAEwASQBFAE4A
VAAOarJ6lZ5ZNwAAAAAAAAAAAAAAAAAAAACD9mD8jmWs4FkZe59/nNb1cF2HkL0C
GZw=

The NTLM message is as follows:

00000000:4e 54 4c 4d 53 53 50 00 03 00 00 00 18 00 18 00     NTLMSSP.........
00000010:62 00 00 00 18 00 18 00 7a 00 00 00 00 00 00 00     b.......z.......
00000020:48 00 00 00 08 00 08 00 48 00 00 00 12 00 12 00     H.......H.......
00000030:50 00 00 00 00 00 00 00 92 00 00 00 05 82 88 a2     P.......'....‚ˆ¢
00000040:05 01 28 0a 00 00 00 0f 75 00 73 00 65 00 72 00     ..(.....u.s.e.r.
00000050:4e 00 46 00 2d 00 43 00 4c 00 49 00 45 00 4e 00     N.F.-.C.L.I.E.N.
00000060:54 00 0e 6a b2 7a 95 9e 59 37 00 00 00 00 00 00     T..j²z•ţY7......
00000070:00 00 00 00 00 00 00 00 00 00 83 f6 60 fc 8e 65     ..........ƒö`üŢe
00000080:ac e0 59 19 7b 9f 7f 9c d6 f5 70 5d 87 90 bd 02     ¬àY.{ŸoeÖõp]‡•½.
00000090:19 9c .oe
  • The server sends a POP3_AUTH_NTLM_Fail_Response message. The POP3 message is as follows:

    -ERR, Error: Command not valid
Show:
© 2014 Microsoft