2.2 Message Syntax

The three commands in which Telnet: NTLM Authentication Protocol messages can be embedded are SEND, IS, and REPLY. The structure of each of these commands is as follows:

  1. IAC SB AUTHENTICATION SEND authentication-type-pair-list IAC SE

  2. IAC SB AUTHENTICATION IS authentication-type-pair <auth data> IAC SE

  3. IAC SB AUTHENTICATION REPLY authentication-type-pair <auth data> IAC SE

The Telnet: NTLM Authentication Protocol specifies the values that the authentication-type-pair-list and <auth data> fields must carry when the negotiated authentication mechanism is NTLM. That is, for the SEND command the payload of the Telnet: NTLM Authentication Protocol is solely the authentication-type-pair-list field; for the IS and REPLY commands the payload consists of the authentication-type-pair and <auth data> fields.

The following figure illustrates the relationship between SEND commands and a Telnet: NTLM Authentication Protocol packet.

Figure 2: Relationship between SEND commands and Telnet: NTLM Authentication packet

The following figure illustrates the relationship between IS and REPLY commands and a Telnet: NTLM Authentication Protocol packet.

Figure 3: Relationship between IS and REPLY commands and Telnet: NTLM Authentication packet

The message syntax of a Telnet: NTLM Authentication Protocol message depends on the Telnet Authentication Option command (as specified in [RFC2941]) in which it is to be embedded, whether a SEND (section 2.2.1), IS (section 2.2.2), or REPLY (section 2.2.2) command.
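
The following strict parser for the three command frames listed above is an added example, not part of the specification text. The byte values for IAC, SB, SE, AUTHENTICATION and the command codes are taken from RFC 854 and [RFC2941], the function names are hypothetical, and <auth data> is treated as opaque because its layout is defined in sections 2.2.1 and 2.2.2.

```python
# Byte values from RFC 854 / RFC 2941 (assumed here; this page does not list them).
IAC, SB, SE, AUTHENTICATION = 255, 250, 240, 37
COMMANDS = {0: "IS", 1: "SEND", 2: "REPLY"}

def _unescape(data: bytes) -> bytes:
    """Collapse IAC IAC to a literal 0xFF; a lone IAC inside the body is malformed."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] == IAC:
            if i + 1 >= len(data) or data[i + 1] != IAC:
                raise ValueError("unescaped IAC inside subnegotiation")
            i += 1
        out.append(data[i])
        i += 1
    return bytes(out)

def parse_auth_subneg(frame: bytes) -> dict:
    """Split one IAC SB AUTHENTICATION <command> ... IAC SE frame into its fields."""
    if len(frame) < 6 or frame[:3] != bytes([IAC, SB, AUTHENTICATION]):
        raise ValueError("not an AUTHENTICATION subnegotiation")
    if frame[-2:] != bytes([IAC, SE]):
        raise ValueError("missing IAC SE terminator")
    command = COMMANDS.get(frame[3])
    if command is None:
        raise ValueError(f"unexpected command byte {frame[3]:#04x}")
    body = _unescape(frame[4:-2])
    if command == "SEND":
        # Payload is only the authentication-type-pair-list: (type, modifier) pairs.
        if len(body) % 2:
            raise ValueError("odd-length authentication-type-pair-list")
        pairs = [(body[i], body[i + 1]) for i in range(0, len(body), 2)]
        return {"command": command, "type_pairs": pairs, "auth_data": b""}
    # IS and REPLY: one authentication-type-pair followed by <auth data>.
    if len(body) < 2:
        raise ValueError("missing authentication-type-pair")
    return {"command": command, "type_pairs": [(body[0], body[1])], "auth_data": body[2:]}

# Constructed sample frames. 0x0F is the NTLM type in the IANA registry (not stated on
# this page); the <auth data> bytes are placeholders, not a real NTLM message.
SAMPLE_SEND = bytes([255, 250, 37, 1, 0x0F, 0x00, 255, 240])
SAMPLE_IS = bytes([255, 250, 37, 0, 0x0F, 0x00]) + b"NT\xff\xff\x01" + bytes([255, 240])

if __name__ == "__main__":
    print(parse_auth_subneg(SAMPLE_SEND))
    print(parse_auth_subneg(SAMPLE_IS))
```

Because <auth data> is binary, 0xFF bytes inside it arrive doubled on the wire; a parser that skips the unescape step hands a corrupted token to the NTLM layer.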