4.2 POP3 Client Unsuccessfully Authenticating to a POP3 Server

This section illustrates the NTLM POP3 Extension with a scenario in which a POP3 client tries NTLM authentication to a POP3 server and the authentication fails. The following figure shows the unsuccessful attempt to authenticate to the POP3 server.

Client unsuccessfully authenticating to POP3 server

Figure 5: Client unsuccessfully authenticating to POP3 server

  1. The client sends a POP3_AUTH_NTLM_Initiation_Command command to the server. This command is described in [RFC1734] and does not carry any POP3-specific data. It is included in this example to provide a better understanding of the POP3 NTLM initiation command. The POP3 message is as follows:

     AUTH NTLM
    
  2. The server sends the POP3_NTLM_Supported_Response message, which indicates that it can perform NTLM authentication. The POP3 message is as follows:

     +
    
  3. The client sends a POP3_AUTH_NTLM_Blob_Command command that contains a base64 encoding NTLM NEGOTIATE_MESSAGE message (as described in [MS-NLMP]).

The POP3 message is as follows:

 TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==

The NTLM message is as follows:

 00000000:4e 54 4c 4d 53 53 50 00 01 00 00 00 07 82 08 a2     NTLMSSP......‚.¢
 00000010:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     ................
 00000020:05 01 28 0a 00 00 00 0f ..(.....
  1. The server sends a POP3_AUTH_NTLM_Blob_Response message that contains a base64 encoded NTLM CHALLENGE_MESSAGE message (as described in [MS-NLMP]).

The POP3 message is as follows:

 + TlRMTVNTUAACAAAAFAAUADgAAAAFgoqieUWd5ES4Bi0AAAAAAAAAAGQAZABMAA
 AABQLODgAAAA9UAEUAUwBUAFMARQBSAFYARQBSAAIAFABUAEUAUwBUAFMARQBSAF
 YARQBSAAEAFABUAEUAUwBUAFMARQBSAFYARQBSAAQAFABUAGUAcwB0AFMAZQByAH
 YAZQByAAMAFABUAGUAcwB0AFMAZQByAHYAZQByAAAAAAA=

The NTLM message is as follows:

 00000000:4e 54 4c 4d 53 53 50 00 02 00 00 00 14 00 14 00     NTLMSSP.........
 00000010:38 00 00 00 05 82 8a a2 79 45 9d e4 44 b8 06 2d     8....‚Š¢yE•äD¸.-
 00000020:00 00 00 00 00 00 00 00 64 00 64 00 4c 00 00 00     ........d.d.L...
 00000030:05 02 ce 0e 00 00 00 0f 54 00 45 00 53 00 54 00     ..Î.....T.E.S.T.
 00000040:53 00 45 00 52 00 56 00 45 00 52 00 02 00 14 00     S.E.R.V.E.R.....
 00000050:54 00 45 00 53 00 54 00 53 00 45 00 52 00 56 00     T.E.S.T.S.E.R.V.
 00000060:45 00 52 00 01 00 14 00 54 00 45 00 53 00 54 00     E.R.....T.E.S.T.
 00000070:53 00 45 00 52 00 56 00 45 00 52 00 04 00 14 00     S.E.R.V.E.R.....
 00000080:54 00 65 00 73 00 74 00 53 00 65 00 72 00 76 00     T.e.s.t.S.e.r.v.
 00000090:65 00 72 00 03 00 14 00 54 00 65 00 73 00 74 00     e.r.....T.e.s.t.
 000000a0:53 00 65 00 72 00 76 00 65 00 72 00 00 00 00 00     S.e.r.v.e.r.....
  1. The client sends a POP3_AUTH_NTLM_Blob_Command command that contains a base64 encoded NTLM AUTHENTICATE_MESSAGE message (as described in [MS-NLMP]).

The POP3 message is as follows:

 TlRMTVNTUAADAAAAGAAYAGIAAAAYABgAegAAAAAAAABIAAAACAAIAEgAAAASABIA
 UAAAAAAAAACSAAAABYKIogUBKAoAAAAPdQBzAGUAcgBOAEYALQBDAEwASQBFAE4A
 VAAOarJ6lZ5ZNwAAAAAAAAAAAAAAAAAAAACD9mD8jmWs4FkZe59/nNb1cF2HkL0C
 GZw=

The NTLM message is as follows:

 00000000:4e 54 4c 4d 53 53 50 00 03 00 00 00 18 00 18 00     NTLMSSP.........
 00000010:62 00 00 00 18 00 18 00 7a 00 00 00 00 00 00 00     b.......z.......
 00000020:48 00 00 00 08 00 08 00 48 00 00 00 12 00 12 00     H.......H.......
 00000030:50 00 00 00 00 00 00 00 92 00 00 00 05 82 88 a2     P.......'....‚ˆ¢
 00000040:05 01 28 0a 00 00 00 0f 75 00 73 00 65 00 72 00     ..(.....u.s.e.r.
 00000050:4e 00 46 00 2d 00 43 00 4c 00 49 00 45 00 4e 00     N.F.-.C.L.I.E.N.
 00000060:54 00 0e 6a b2 7a 95 9e 59 37 00 00 00 00 00 00     T..j²z•ţY7......
 00000070:00 00 00 00 00 00 00 00 00 00 83 f6 60 fc 8e 65     ..........ƒö`üŢe
 00000080:ac e0 59 19 7b 9f 7f 9c d6 f5 70 5d 87 90 bd 02     ¬àY.{ŸoeÖõp]‡•½.
 00000090:19 9c .oe
  1. The server sends a POP3_AUTH_NTLM_Fail_Response message. The POP3 message is as follows:

     -ERR, Error: Command not valid
    
Show: