summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc1734.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/rfc/rfc1734.txt')
-rw-r--r--doc/rfc/rfc1734.txt283
1 files changed, 283 insertions, 0 deletions
diff --git a/doc/rfc/rfc1734.txt b/doc/rfc/rfc1734.txt
new file mode 100644
index 0000000..f37f29e
--- /dev/null
+++ b/doc/rfc/rfc1734.txt
@@ -0,0 +1,283 @@
+
+
+
+
+
+
+Network Working Group J. Myers
+Request for Comments: 1734 Carnegie Mellon
+Category: Standards Track December 1994
+
+
+ POP3 AUTHentication command
+
+Status of this Memo
+
+ This document specifies an Internet standards track protocol for the
+ Internet community, and requests discussion and suggestions for
+ improvements. Please refer to the current edition of the "Internet
+ Official Protocol Standards" (STD 1) for the standardization state
+ and status of this protocol. Distribution of this memo is unlimited.
+
+
+1. Introduction
+
+ This document describes the optional AUTH command, for indicating an
+ authentication mechanism to the server, performing an authentication
+ protocol exchange, and optionally negotiating a protection mechanism
+ for subsequent protocol interactions. The authentication and
+ protection mechanisms used by the POP3 AUTH command are those used by
+ IMAP4.
+
+
+2. The AUTH command
+
+ AUTH mechanism
+
+ Arguments:
+ a string identifying an IMAP4 authentication mechanism,
+ such as defined by [IMAP4-AUTH]. Any use of the string
+ "imap" used in a server authentication identity in the
+ definition of an authentication mechanism is replaced with
+ the string "pop".
+
+ Restrictions:
+ may only be given in the AUTHORIZATION state
+
+ Discussion:
+ The AUTH command indicates an authentication mechanism to
+ the server. If the server supports the requested
+ authentication mechanism, it performs an authentication
+ protocol exchange to authenticate and identify the user.
+ Optionally, it also negotiates a protection mechanism for
+ subsequent protocol interactions. If the requested
+ authentication mechanism is not supported, the server
+
+
+
+Myers [Page 1]
+
+RFC 1734 POP3 AUTH December 1994
+
+
+ should reject the AUTH command by sending a negative
+ response.
+
+ The authentication protocol exchange consists of a series
+ of server challenges and client answers that are specific
+ to the authentication mechanism. A server challenge,
+ otherwise known as a ready response, is a line consisting
+ of a "+" character followed by a single space and a BASE64
+ encoded string. The client answer consists of a line
+ containing a BASE64 encoded string. If the client wishes
+ to cancel an authentication exchange, it should issue a
+ line with a single "*". If the server receives such an
+ answer, it must reject the AUTH command by sending a
+ negative response.
+
+ A protection mechanism provides integrity and privacy
+ protection to the protocol session. If a protection
+ mechanism is negotiated, it is applied to all subsequent
+ data sent over the connection. The protection mechanism
+ takes effect immediately following the CRLF that concludes
+ the authentication exchange for the client, and the CRLF of
+ the positive response for the server. Once the protection
+ mechanism is in effect, the stream of command and response
+ octets is processed into buffers of ciphertext. Each
+ buffer is transferred over the connection as a stream of
+ octets prepended with a four octet field in network byte
+ order that represents the length of the following data.
+ The maximum ciphertext buffer length is defined by the
+ protection mechanism.
+
+ The server is not required to support any particular
+ authentication mechanism, nor are authentication mechanisms
+ required to support any protection mechanisms. If an AUTH
+ command fails with a negative response, the session remains
+ in the AUTHORIZATION state and client may try another
+ authentication mechanism by issuing another AUTH command,
+ or may attempt to authenticate by using the USER/PASS or
+ APOP commands. In other words, the client may request
+ authentication types in decreasing order of preference,
+ with the USER/PASS or APOP command as a last resort.
+
+ Should the client successfully complete the authentication
+ exchange, the POP3 server issues a positive response and
+ the POP3 session enters the TRANSACTION state.
+
+ Possible Responses:
+ +OK maildrop locked and ready
+ -ERR authentication exchange failed
+
+
+
+Myers [Page 2]
+
+RFC 1734 POP3 AUTH December 1994
+
+
+
+ Examples:
+ S: +OK POP3 server ready
+ C: AUTH KERBEROS_V4
+ S: + AmFYig==
+ C: BAcAQU5EUkVXLkNNVS5FRFUAOCAsho84kLN3/IJmrMG+25a4DT
+ +nZImJjnTNHJUtxAA+o0KPKfHEcAFs9a3CL5Oebe/ydHJUwYFd
+ WwuQ1MWiy6IesKvjL5rL9WjXUb9MwT9bpObYLGOKi1Qh
+ S: + or//EoAADZI=
+ C: DiAF5A4gA+oOIALuBkAAmw==
+ S: +OK Kerberos V4 authentication successful
+ ...
+ C: AUTH FOOBAR
+ S: -ERR Unrecognized authentication type
+
+ Note: the line breaks in the first client answer are
+ for editorial clarity and are not in real authentica-
+ tors.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Myers [Page 3]
+
+RFC 1734 POP3 AUTH December 1994
+
+
+3. Formal Syntax
+
+ The following syntax specification uses the augmented Backus-Naur
+ Form (BNF) notation as specified in RFC 822.
+
+ Except as noted otherwise, all alphabetic characters are case-
+ insensitive. The use of upper or lower case characters to define
+ token strings is for editorial clarity only. Implementations MUST
+ accept these strings in a case-insensitive fashion.
+
+ ATOM_CHAR ::= <any CHAR except atom_specials>
+
+ atom_specials ::= "(" / ")" / "{" / SPACE / CTLs / "%" / "*" /
+ <"> / "\"
+
+ auth ::= "AUTH" 1*(SPACE / TAB) auth_type *(CRLF base64)
+ CRLF
+
+ auth_type ::= 1*ATOM_CHAR
+
+ base64 ::= *(4base64_CHAR) [base64_terminal]
+
+ base64_char ::= "A" / "B" / "C" / "D" / "E" / "F" / "G" / "H" /
+ "I" / "J" / "K" / "L" / "M" / "N" / "O" / "P" /
+ "Q" / "R" / "S" / "T" / "U" / "V" / "W" / "X" /
+ "Y" / "Z" /
+ "a" / "b" / "c" / "d" / "e" / "f" / "g" / "h" /
+ "i" / "j" / "k" / "l" / "m" / "n" / "o" / "p" /
+ "q" / "r" / "s" / "t" / "u" / "v" / "w" / "x" /
+ "y" / "z" /
+ "0" / "1" / "2" / "3" / "4" / "5" / "6" / "7" /
+ "8" / "9" / "+" / "/"
+ ;; Case-sensitive
+
+ base64_terminal ::= (2base64_char "==") / (3base64_char "=")
+
+ CHAR ::= <any 7-bit US-ASCII character except NUL,
+ 0x01 - 0x7f>
+
+ continue_req ::= "+" SPACE base64 CRLF
+
+ CR ::= <ASCII CR, carriage return, 0x0C>
+
+ CRLF ::= CR LF
+
+ CTL ::= <any ASCII control character and DEL,
+ 0x00 - 0x1f, 0x7f>
+
+
+
+
+Myers [Page 4]
+
+RFC 1734 POP3 AUTH December 1994
+
+
+ LF ::= <ASCII LF, line feed, 0x0A>
+
+ SPACE ::= <ASCII SP, space, 0x20>
+
+ TAB ::= <ASCII HT, tab, 0x09>
+
+
+
+4. References
+
+ [IMAP4-AUTH] Myers, J., "IMAP4 Authentication Mechanisms", RFC 1731,
+ Carnegie Mellon, December 1994.
+
+
+
+5. Security Considerations
+
+ Security issues are discussed throughout this memo.
+
+
+
+6. Author's Address
+
+ John G. Myers
+ Carnegie-Mellon University
+ 5000 Forbes Ave
+ Pittsburgh, PA 15213
+
+ EMail: jgm+@cmu.edu
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Myers [Page 5]
+