GENWiki

Premier IT Outsourcing and Support Services within the UK

User Tools

Site Tools

Trace: rfc1734
rfc:rfc1734

Network Working Group J. Myers Request for Comments: 1734 Carnegie Mellon Category: Standards Track December 1994 

                    POP3 AUTHentication command

Status of this Memo 

 This document specifies an Internet standards track protocol for the
 Internet community, and requests discussion and suggestions for
 improvements.  Please refer to the current edition of the "Internet
 Official Protocol Standards" (STD 1) for the standardization state
 and status of this protocol.  Distribution of this memo is unlimited.

1. Introduction 

 This document describes the optional AUTH command, for indicating an
 authentication mechanism to the server, performing an authentication
 protocol exchange, and optionally negotiating a protection mechanism
 for subsequent protocol interactions.  The authentication and
 protection mechanisms used by the POP3 AUTH command are those used by
 IMAP4.

2. The AUTH command 

 AUTH mechanism
       Arguments:
           a string identifying an IMAP4 authentication mechanism,
           such as defined by [IMAP4-AUTH].  Any use of the string
           "imap" used in a server authentication identity in the
           definition of an authentication mechanism is replaced with
           the string "pop".
       Restrictions:
           may only be given in the AUTHORIZATION state
       Discussion:
           The AUTH command indicates an authentication mechanism to
           the server.  If the server supports the requested
           authentication mechanism, it performs an authentication
           protocol exchange to authenticate and identify the user.
           Optionally, it also negotiates a protection mechanism for
           subsequent protocol interactions.  If the requested
           authentication mechanism is not supported, the server

Myers [Page 1] RFC 1734 POP3 AUTH December 1994 

           should reject the AUTH command by sending a negative
           response.
           The authentication protocol exchange consists of a series
           of server challenges and client answers that are specific
           to the authentication mechanism.  A server challenge,
           otherwise known as a ready response, is a line consisting
           of a "+" character followed by a single space and a BASE64
           encoded string.  The client answer consists of a line
           containing a BASE64 encoded string.  If the client wishes
           to cancel an authentication exchange, it should issue a
           line with a single "*".  If the server receives such an
           answer, it must reject the AUTH command by sending a
           negative response.
           A protection mechanism provides integrity and privacy
           protection to the protocol session.  If a protection
           mechanism is negotiated, it is applied to all subsequent
           data sent over the connection.  The protection mechanism
           takes effect immediately following the CRLF that concludes
           the authentication exchange for the client, and the CRLF of
           the positive response for the server.  Once the protection
           mechanism is in effect, the stream of command and response
           octets is processed into buffers of ciphertext.  Each
           buffer is transferred over the connection as a stream of
           octets prepended with a four octet field in network byte
           order that represents the length of the following data.
           The maximum ciphertext buffer length is defined by the
           protection mechanism.
           The server is not required to support any particular
           authentication mechanism, nor are authentication mechanisms
           required to support any protection mechanisms.  If an AUTH
           command fails with a negative response, the session remains
           in the AUTHORIZATION state and client may try another
           authentication mechanism by issuing another AUTH command,
           or may attempt to authenticate by using the USER/PASS or
           APOP commands.  In other words, the client may request
           authentication types in decreasing order of preference,
           with the USER/PASS or APOP command as a last resort.
           Should the client successfully complete the authentication
           exchange, the POP3 server issues a positive response and
           the POP3 session enters the TRANSACTION state.
       Possible Responses:
           +OK maildrop locked and ready
           -ERR authentication exchange failed

Myers [Page 2] RFC 1734 POP3 AUTH December 1994 

       Examples:
           S: +OK POP3 server ready
           C: AUTH KERBEROS_V4
           S: + AmFYig==
           C: BAcAQU5EUkVXLkNNVS5FRFUAOCAsho84kLN3/IJmrMG+25a4DT
              +nZImJjnTNHJUtxAA+o0KPKfHEcAFs9a3CL5Oebe/ydHJUwYFd
              WwuQ1MWiy6IesKvjL5rL9WjXUb9MwT9bpObYLGOKi1Qh
           S: + or//EoAADZI=
           C: DiAF5A4gA+oOIALuBkAAmw==
           S: +OK Kerberos V4 authentication successful
              ...
           C: AUTH FOOBAR
           S: -ERR Unrecognized authentication type
            Note: the line breaks in the first client answer  are
            for editorial clarity and are not in real authentica-
            tors.

Myers [Page 3] RFC 1734 POP3 AUTH December 1994

3. Formal Syntax 

 The following syntax specification uses the augmented Backus-Naur
 Form (BNF) notation as specified in RFC 822.
 Except as noted otherwise, all alphabetic characters are case-
 insensitive.  The use of upper or lower case characters to define
 token strings is for editorial clarity only.  Implementations MUST
 accept these strings in a case-insensitive fashion.
 ATOM_CHAR       ::= <any CHAR except atom_specials>
 atom_specials   ::= "(" / ")" / "{" / SPACE / CTLs / "%" / "*" /
                     <"> / "\"
 auth            ::= "AUTH" 1*(SPACE / TAB) auth_type *(CRLF base64)
                     CRLF
 auth_type       ::= 1*ATOM_CHAR
 base64          ::= *(4base64_CHAR) [base64_terminal]
 base64_char     ::= "A" / "B" / "C" / "D" / "E" / "F" / "G" / "H" /
         "I" / "J" / "K" / "L" / "M" / "N" / "O" / "P" /
                     "Q" / "R" / "S" / "T" / "U" / "V" / "W" / "X" /
                     "Y" / "Z" /
                     "a" / "b" / "c" / "d" / "e" / "f" / "g" / "h" /
                     "i" / "j" / "k" / "l" / "m" / "n" / "o" / "p" /
                     "q" / "r" / "s" / "t" / "u" / "v" / "w" / "x" /
                     "y" / "z" /
                     "0" / "1" / "2" / "3" / "4" / "5" / "6" / "7" /
                     "8" / "9" / "+" / "/"
                     ;; Case-sensitive
 base64_terminal ::= (2base64_char "==") / (3base64_char "=")
 CHAR            ::= <any 7-bit US-ASCII character except NUL,
                      0x01 - 0x7f>
 continue_req    ::= "+" SPACE base64 CRLF
 CR              ::= <ASCII CR, carriage return, 0x0C>
 CRLF            ::= CR LF
 CTL             ::= <any ASCII control character and DEL,
                      0x00 - 0x1f, 0x7f>

Myers [Page 4] RFC 1734 POP3 AUTH December 1994 

 LF              ::= <ASCII LF, line feed, 0x0A>
 SPACE           ::= <ASCII SP, space, 0x20>
 TAB             ::= <ASCII HT, tab, 0x09>

4. References 

 [IMAP4-AUTH]  Myers, J., "IMAP4 Authentication Mechanisms", RFC 1731,
 Carnegie Mellon, December 1994.

5. Security Considerations 

 Security issues are discussed throughout this memo.

6. Author's Address 

 John G. Myers
 Carnegie-Mellon University
 5000 Forbes Ave
 Pittsburgh, PA 15213
 EMail: jgm+@cmu.edu

Myers [Page 5]

/home/gen.uk/domains/wiki.gen.uk/public_html/data/pages/rfc/rfc1734.txt · Last modified: 1994/12/19 22:54 by 127.0.0.1
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki