4.1 POP3 Client Successfully Authenticating to a POP3 Server

This section illustrates the NTLM POP3 Extension with a scenario in which a POP3 client successfully authenticates to a POP3 server by using NTLM. The following figure shows a POP3 client authenticating to a POP3 server.

POP3 client successfully authenticating to POP3 server

Figure 4: POP3 client successfully authenticating to POP3 server

  1. The client sends a POP3_AUTH_NTLM_Initiation_Command command to the server. This command is described in [RFC1734] and does not carry any POP3-specific data. It is included in this example to provide a better understanding of the POP3 NTLM initiation command. The POP3 message is as follows:

     AUTH NTLM
    
  2. The server sends the POP3_NTLM_Supported_Response message, which indicates that it can perform NTLM authentication. The POP3 message is as follows:

     + 
    
  3. The client sends a POP3_AUTH_NTLM_Blob_Command command that contains a base64 encoded NTLM NEGOTIATE_MESSAGE message (as described in [MS-NLMP]).

The POP3 message is as follows:

TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==The original NTLM message is as follows:

 00000000:4e 54 4c 4d 53 53 50 00 01 00 00 00 07 82 08 a2     NTLMSSP......‚.¢
 00000010:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     ................
 00000020:05 01 28 0a 00 00 00 0f ..(.....
  1. The server sends a POP3_AUTH_NTLM_Blob_Response message that contains a base64 encoded NTLM CHALLENGE_MESSAGE message (as described in [MS-NLMP]).

The POP3 message is as follows:

 + TlRMTVNTUAACAAAAFAAUADgAAAAFgoqinziKqGYjdlEAAAAAAAAAAGQAZABMAAAABQ
 LODgAAAA9UAEUAUwBUAFMARQBSAFYARQBSAAIAFABUAEUAUwBUAFMARQBSAFYARQBSAA
 EAFABUAEUAUwBUAFMARQBSAFYARQBSAAQAFABUAGUAcwB0AFMAZQByAHYAZQByAAMAFA
 BUAGUAcwB0AFMAZQByAHYAZQByAAAAAAA=

The NTLM message is as follows:

 00000000:4e 54 4c 4d 53 53 50 00 02 00 00 00 14 00 14 00     NTLMSSP.........
 00000010:38 00 00 00 05 82 8a a2 9f 38 8a a8 66 23 76 51     8....‚Š¢Ÿ8Š¨f#vQ
 00000020:00 00 00 00 00 00 00 00 64 00 64 00 4c 00 00 00     ........d.d.L...
 00000030:05 02 ce 0e 00 00 00 0f 54 00 45 00 53 00 54 00     ..Î.....T.E.S.T.
 00000040:53 00 45 00 52 00 56 00 45 00 52 00 02 00 14 00     S.E.R.V.E.R.....
 00000050:54 00 45 00 53 00 54 00 53 00 45 00 52 00 56 00     T.E.S.T.S.E.R.V.
 00000060:45 00 52 00 01 00 14 00 54 00 45 00 53 00 54 00     E.R.....T.E.S.T.
 00000070:53 00 45 00 52 00 56 00 45 00 52 00 04 00 14 00     S.E.R.V.E.R.....
 00000080:54 00 65 00 73 00 74 00 53 00 65 00 72 00 76 00     T.e.s.t.S.e.r.v.
 00000090:65 00 72 00 03 00 14 00 54 00 65 00 73 00 74 00     e.r.....T.e.s.t.
 000000a0:53 00 65 00 72 00 76 00 65 00 72 00 00 00 00 00     S.e.r.v.e.r....
  1. The client sends a POP3_AUTH_NTLM_Blob_Command message that contains a base64 encoded NTLM AUTHENTICATE_MESSAGE message (as described in [MS-NLMP]).

The POP3 message is as follows:

 TlRMTVNTUAADAAAAGAAYAGIAAAAYABgAegAAAAAAAABIAAAACAAIAEgAAAASABIAUAAA
 AAAAAACSAAAABYKIogUBKAoAAAAPdQBzAGUAcgBOAEYALQBDAEwASQBFAE4AVABKMiQ4
 djhcSgAAAAAAAAAAAAAAAAAAAAC7zUSgB0Auy98bRi6h3mwHMJfbKNtxmmo=

The NTLM message is as follows:

 00000000:4e 54 4c 4d 53 53 50 00 03 00 00 00 18 00 18 00     NTLMSSP…......
 00000010:62 00 00 00 18 00 18 00 7a 00 00 00 00 00 00 00     b…....z…....
 00000020:48 00 00 00 08 00 08 00 48 00 00 00 12 00 12 00     H…....H…....
 00000030:50 00 00 00 00 00 00 00 92 00 00 00 05 82 88 a2     P…....'….‚ˆ¢
 00000040:05 01 28 0a 00 00 00 0f 75 00 73 00 65 00 72 00     ..(…..u.s.e.r.
 00000050:4e 00 46 00 2d 00 43 00 4c 00 49 00 45 00 4e 00     N.F.-.C.L.I.E.N.
 00000060:54 00 4a 32 24 38 76 38 5c 4a 00 00 00 00 00 00     T.J2$8v8\J…...
 00000070:00 00 00 00 00 00 00 00 00 00 bb cd 44 a0 07 40     ….......»ÍD .@
 00000080:2e cb df 1b 46 2e a1 de 6c 07 30 97 db 28 db 71     .Ëß.F.¡Þl.0—Û(Ûq
 00000090:9a 6a šj
  1. The server sends a POP3_AUTH_NTLM_Succeeded_Response message. The POP3 message is as follow:

     +OK User successfully logged on
    
Show: