3.1.1.1 IMAP4 NTLM Extension State Model
The following figure shows the client IMAP4 NTLM extension state model.
Figure 1: Client IMAP4 NTLM state model
The abstract data model for IMAP4 NTLM extension has the following states:
Start: State of the client before the IMAP4_AUTHENTICATE_NTLM_Initiation_Command message has been sent.
sent_authentication_request: State of the client after the IMAP4_AUTHENTICATE_NTLM_Initiation_Command message has been sent.
inside_authentication: State that is entered by a client after it has received an IMAP4_AUTHENTICATE_NTLM_Supported_Response message. In this state, the client initializes the NTLM subsystem and performs the following steps:
Encapsulates the NTLM message, returned by the NTLM subsystem, into an IMAP4_AUTHENTICATE_NTLM_Blob_Command message and sends the message to the server. Waits for a response from the server.
De-encapsulates the received IMAP4_AUTHENTICATE_NTLM_Blob_Response message data (if any) from the server and converts it to NTLM message data.
Passes the NTLM message data to the NTLM subsystem.
Encapsulates the NTLM authenticate message, returned by the NTLM subsystem, into an IMAP4_AUTHENTICATE_NTLM_Blob_Command message.
Sends the IMAP4_AUTHENTICATE_NTLM_Blob_Command message to the server.
The inside_authentication state terminates when:
An IMAP4_AUTHENTICATE_NTLM_Succeeded_Response, IMAP4_AUTHENTICATE_NTLM_Fail_Response, or IMAP4_AUTHENTICATE_NTLM_Cancelled_Response message is received.
Any failure is reported by the NTLM subsystem.
completed_authentication: State of the client on exiting the inside_authentication or the sent_authentication_request state. The rules for exiting the inside_authentication state are defined in section 3.1.5.1.4 and section 3.1.5.1.5. The behavior of IMAP4 in this state is outside the scope of this specification.