Share via

3.1.1.1 SMTP State Model

  • Article

SMTP NTLM authentication client state model

Figure 2: SMTP NTLM authentication client state model

The abstract data model for the NT LAN Manager (NTLM) Authentication: Simple Mail Transfer Protocol (SMTP) Extension has the following states:

  1.  start

    This is the state of the client before the SMTP_AUTH_NTLM_Initiation_Command message has been sent.

  2.  sent_authentication_request

    This is the state of the client after the SMTP_AUTH_NTLM_Initiation_Command message has been sent.

  3. received_response

    This is the state entered by the client after it has received an SMTP_NTLM_Supported_Response message, or when the client receives an SMTP_AUTH_NTLM_BLOB_Response message.

    When the client enters this state after receiving a SMTP_NTLM_Supported_Response message, the client invokes the NTLM software to get the NTLM_NEGOTIATE_MESSAGE and sends it to the server embedded inside the first SMTP_AUTH_NTLM Blob_Command. The client transitions the state to sent_command after it sends the SMTP_AUTH_NTLM Blob_Command.

    The client returns to this state from the sent_command state after it receives SMTP_AUTH_NTLM_BLOB_Response from the server.

    The client transitions the state to completed_authentication if it encounters an NTLM software error.

  4. sent_command

    This is the state entered by the client after it has sent an SMTP_AUTH_NTLM_Initiation_Command message with NTLM_NEGOTIATE_MESSAGE. During this state the client waits for a response from the server. When SMTP_AUTH_NTLM_BLOB_Response is received, the client transitions the state to received_response.

    The client returns to this state from the received_response state after it sends the SMTP_AUTH_NTLM Blob_Command to the server.

    The client transitions to completed_authentication if it receives SMTP_AUTH_FAIL_Response, SMTP_AUTH_Other_Failure_Response, or SMTP_AUTH_NTLM_Succeeded_Response.

  5.  completed_authentication

    This is the state of the client on completion of authentication (successful or otherwise).. Section 3.1.5 defines the rules for how this state is reached. The completed_authentication represents the end state of the authentication protocol.

    This document does not address the behavior of SMTP in this state.