7 Network Working Group J. Myers
\r
8 Request for Comments: 1731 Carnegie Mellon
\r
9 Category: Standards Track December 1994
\r
12 IMAP4 Authentication Mechanisms
\r
16 This document specifies an Internet standards track protocol for the
\r
17 Internet community, and requests discussion and suggestions for
\r
18 improvements. Please refer to the current edition of the "Internet
\r
19 Official Protocol Standards" (STD 1) for the standardization state
\r
20 and status of this protocol. Distribution of this memo is unlimited.
\r
25 The Internet Message Access Protocol, Version 4 [IMAP4] contains the
\r
26 AUTHENTICATE command, for identifying and authenticating a user to an
\r
27 IMAP4 server and for optionally negotiating a protection mechanism
\r
28 for subsequent protocol interactions. This document describes
\r
29 several authentication mechanisms for use by the IMAP4 AUTHENTICATE
\r
33 2. Kerberos version 4 authentication mechanism
\r
35 The authentication type associated with Kerberos version 4 is
\r
38 The data encoded in the first ready response contains a random 32-bit
\r
39 number in network byte order. The client should respond with a
\r
40 Kerberos ticket and an authenticator for the principal
\r
41 "imap.hostname@realm", where "hostname" is the first component of the
\r
42 host name of the server with all letters in lower case and where
\r
43 "realm" is the Kerberos realm of the server. The encrypted checksum
\r
44 field included within the Kerberos authenticator should contain the
\r
45 server provided 32-bit number in network byte order.
\r
47 Upon decrypting and verifying the ticket and authenticator, the
\r
48 server should verify that the contained checksum field equals the
\r
49 original server provided random 32-bit number. Should the
\r
50 verification be successful, the server must add one to the checksum
\r
51 and construct 8 octets of data, with the first four octets containing
\r
52 the incremented checksum in network byte order, the fifth octet
\r
53 containing a bit-mask specifying the protection mechanisms supported
\r
54 by the server, and the sixth through eighth octets containing, in
\r
60 RFC 1731 IMAP4 Authentication Mechanisms December 1994
\r
63 network byte order, the maximum cipher-text buffer size the server is
\r
64 able to receive. The server must encrypt the 8 octets of data in the
\r
65 session key and issue that encrypted data in a second ready response.
\r
66 The client should consider the server authenticated if the first four
\r
67 octets the un-encrypted data is equal to one plus the checksum it
\r
70 The client must construct data with the first four octets containing
\r
71 the original server-issued checksum in network byte order, the fifth
\r
72 octet containing the bit-mask specifying the selected protection
\r
73 mechanism, the sixth through eighth octets containing in network byte
\r
74 order the maximum cipher-text buffer size the client is able to
\r
75 receive, and the following octets containing a user name string. The
\r
76 client must then append from one to eight octets so that the length
\r
77 of the data is a multiple of eight octets. The client must then PCBC
\r
78 encrypt the data with the session key and respond to the second ready
\r
79 response with the encrypted data. The server decrypts the data and
\r
80 verifies the contained checksum. The username field identifies the
\r
81 user for whom subsequent IMAP operations are to be performed; the
\r
82 server must verify that the principal identified in the Kerberos
\r
83 ticket is authorized to connect as that user. After these
\r
84 verifications, the authentication process is complete.
\r
86 The protection mechanisms and their corresponding bit-masks are as
\r
89 1 No protection mechanism
\r
90 2 Integrity (krb_mk_safe) protection
\r
91 4 Privacy (krb_mk_priv) protection
\r
94 EXAMPLE: The following are two Kerberos version 4 login scenarios
\r
95 (note that the line breaks in the sample authenticators are for
\r
96 editorial clarity and are not in real authenticators)
\r
98 S: * OK IMAP4 Server
\r
99 C: A001 AUTHENTICATE KERBEROS_V4
\r
101 C: BAcAQU5EUkVXLkNNVS5FRFUAOCAsho84kLN3/IJmrMG+25a4DT
\r
102 +nZImJjnTNHJUtxAA+o0KPKfHEcAFs9a3CL5Oebe/ydHJUwYFd
\r
103 WwuQ1MWiy6IesKvjL5rL9WjXUb9MwT9bpObYLGOKi1Qh
\r
105 C: DiAF5A4gA+oOIALuBkAAmw==
\r
106 S: A001 OK Kerberos V4 authentication successful
\r
116 RFC 1731 IMAP4 Authentication Mechanisms December 1994
\r
119 S: * OK IMAP4 Server
\r
120 C: A001 AUTHENTICATE KERBEROS_V4
\r
122 C: BAcAQU5EUkVXLkNNVS5FRFUAOCAsho84kLN3/IJmrMG+25a4DT
\r
123 +nZImJjnTNHJUtxAA+o0KPKfHEcAFs9a3CL5Oebe/ydHJUwYFd
\r
124 WwuQ1MWiy6IesKvjL5rL9WjXUb9MwT9bpObYLGOKi1Qh
\r
125 S: A001 NO Kerberos V4 authentication failed
\r
128 3. GSSAPI authentication mechanism
\r
130 The authentication type associated with all mechanisms employing the
\r
131 GSSAPI [RFC1508] is "GSSAPI".
\r
133 The first ready response issued by the server contains no data. The
\r
134 client should call GSS_Init_sec_context, passing in 0 for
\r
135 input_context_handle (initially) and a targ_name equal to output_name
\r
136 from GSS_Import_Name called with input_name_type of NULL and
\r
137 input_name_string of "SERVICE:imap@hostname" where "hostname" is the
\r
138 fully qualified host name of the server with all letters in lower
\r
139 case. The client must then respond with the resulting output_token.
\r
140 If GSS_Init_sec_context returns GSS_CONTINUE_NEEDED, then the client
\r
141 should expect the server to issue a token in a subsequent ready
\r
142 response. The client must pass the token to another call to
\r
143 GSS_Init_sec_context.
\r
145 If GSS_Init_sec_context returns GSS_COMPLETE, then the client should
\r
146 respond with any resulting output_token. If there is no
\r
147 output_token, the client should respond with no data. The client
\r
148 should then expect the server to issue a token in a subsequent ready
\r
149 response. The client should pass this token to GSS_Unseal and
\r
150 interpret the first octet of resulting cleartext as a bit-mask
\r
151 specifying the protection mechanisms supported by the server and the
\r
152 second through fourth octets as the maximum size output_message to
\r
153 send to the server. The client should construct data, with the first
\r
154 octet containing the bit-mask specifying the selected protection
\r
155 mechanism, the second through fourth octets containing in network
\r
156 byte order the maximum size output_message the client is able to
\r
157 receive, and the remaining octets containing a user name string. The
\r
158 client must pass the data to GSS_Seal with conf_flag set to FALSE,
\r
159 and respond with the generated output_message. The client can then
\r
160 consider the server authenticated.
\r
162 The server must issue a ready response with no data and pass the
\r
163 resulting client supplied token to GSS_Accept_sec_context as
\r
164 input_token, setting acceptor_cred_handle to NULL (for "use default
\r
165 credentials"), and 0 for input_context_handle (initially). If
\r
166 GSS_Accept_sec_context returns GSS_CONTINUE_NEEDED, the server should
\r
172 RFC 1731 IMAP4 Authentication Mechanisms December 1994
\r
175 return the generated output_token to the client in a ready response
\r
176 and pass the resulting client supplied token to another call to
\r
177 GSS_Accept_sec_context.
\r
179 If GSS_Accept_sec_context returns GSS_COMPLETE, then if an
\r
180 output_token is returned, the server should return it to the client
\r
181 in a ready response and expect a reply from the client with no data.
\r
182 Whether or not an output_token was returned, the server then should
\r
183 then construct 4 octets of data, with the first octet containing a
\r
184 bit-mask specifying the protection mechanisms supported by the server
\r
185 and the second through fourth octets containing in network byte order
\r
186 the maximum size output_token the server is able to receive. The
\r
187 server must then pass the plaintext to GSS_Seal with conf_flag set to
\r
188 FALSE and issue the generated output_message to the client in a ready
\r
189 response. The server must then pass the resulting client supplied
\r
190 token to GSS_Unseal and interpret the first octet of resulting
\r
191 cleartext as the bit-mask for the selected protection mechanism, the
\r
192 second through fourth octets as the maximum size output_message to
\r
193 send to the client, and the remaining octets as the user name. Upon
\r
194 verifying the src_name is authorized to authenticate as the user
\r
195 name, The server should then consider the client authenticated.
\r
197 The protection mechanisms and their corresponding bit-masks are as
\r
200 1 No protection mechanism
\r
201 2 Integrity protection.
\r
202 Sender calls GSS_Seal with conf_flag set to FALSE
\r
203 4 Privacy protection.
\r
204 Sender calls GSS_Seal with conf_flag set to TRUE
\r
207 4. S/Key authentication mechanism
\r
209 The authentication type associated with S/Key [SKEY] is "SKEY".
\r
211 The first ready response issued by the server contains no data. The
\r
212 client responds with the user name string.
\r
214 The data encoded in the second ready response contains the decimal
\r
215 sequence number followed by a single space and the seed string for
\r
216 the indicated user. The client responds with the one-time-password,
\r
217 as either a 64-bit value in network byte order or encoded in the "six
\r
218 English words" format.
\r
220 Upon successful verification of the one-time-password, the server
\r
221 should consider the client authenticated.
\r
228 RFC 1731 IMAP4 Authentication Mechanisms December 1994
\r
231 S/Key authentication does not provide for any protection mechanisms.
\r
234 EXAMPLE: The following are two S/Key login scenarios.
\r
236 S: * OK IMAP4 Server
\r
237 C: A001 AUTHENTICATE SKEY
\r
240 S: + OTUgUWE1ODMwOA==
\r
241 C: Rk9VUiBNQU5OIFNPT04gRklSIFZBUlkgTUFTSA==
\r
242 S: A001 OK S/Key authentication successful
\r
245 S: * OK IMAP4 Server
\r
246 C: A001 AUTHENTICATE SKEY
\r
249 S: + OTUgUWE1ODMwOA==
\r
251 S: A001 NO S/Key authentication failed
\r
256 [IMAP4] Crispin, M., "Internet Message Access Protocol - Version 4",
\r
257 RFC 1730, University of Washington, December 1994.
\r
259 [RFC1508] Linn, J., "Generic Security Service Application Program
\r
260 Interface", RFC 1508, Geer Zolot Associates, September 1993.
\r
262 [SKEY] Haller, Neil M. "The S/Key One-Time Password System",
\r
263 Bellcore, Morristown, New Jersey, October 1993,
\r
264 thumper.bellcore.com:pub/nmh/docs/ISOC.symp.ps
\r
284 RFC 1731 IMAP4 Authentication Mechanisms December 1994
\r
287 6. Security Considerations
\r
289 Security issues are discussed throughout this memo.
\r
292 7. Author's Address
\r
295 Carnegie-Mellon University
\r
297 Pittsburgh PA, 15213-3890
\r
299 EMail: jgm+@cmu.edu
\r