1、外文文献原文SMTPServiceExtensionforAuthenticationThisdocumentspecifiesanInternetstandardstrackprotocolfortheInternetcommunity/andrequestsdiscussionandsuggestionsforimprovements/PleaserefertothecurrenteditionoftheInternetOfficialProtocolStandards(STD1)forthestandardizationstateandstatusofthisprotocol/Distr
2、ibutionofthismemoisunlimited/CopyrightNoticeCopyright(C)TheInternetSociety(1999)/AllRightsReserved/1/IntroductionThisdocumentdefinesanSMTPserviceextensionESMTPwherebyanSMTPclientmayindicateanauthenticationmechanismtotheserver/performanauthenticationprotocolexchange/andoptionallynegotiateasecuritylay
3、erforsubsequentprotocolinteractions/ThisextensionisaprofileoftheSimpleAuthenticationandSecurityLayerSASL/2/ConventionsUsedinthisDocumentInexamples/C/andS/indicatelinessentbytheclientandserverrespectively/ThekeywordsMUST/MUSTNOT/SHOULD/SHOULDNOT/andMAYinthisdocumentaretobeinterpretedasdefinedinKeywor
4、dsforuseinRFCstoIndicateRequirementLevelsKEYWORDS/3/TheAuthenticationserviceextension(1)thenameoftheSMTPserviceextensionisAuthentication(2)theEHLOkeywordvalueassociatedwiththisextensionisAUTH(3)TheAUTHEHLOkeywordcontainsasaparameteraspaceseparatedlistofthenamesofsupportedSASLmechanisms/(4)anewSMTPve
5、rbAUTHisdefined(5)anoptionalparameterusingthekeywordAUTHisaddedtotheMAILFROMcommand/andextendsthemaximumlinelengthoftheMAILFROMcommandby500characters/(6)thisextensionisappropriateforthesubmissionprotocolSUBMIT/4/TheAUTHcommandAUTHmechanisminitial-responseArguments/astringidentifyingaSASLauthenticati
6、onmechanism/anoptionalbase64-encodedresponseRestrictions/AfteranAUTHcommandhassuccessfullycompleted/nomoreAUTHcommandsmaybeissuedinthesamesession/AfterasuccessfulAUTHcommandcompletes/aserverMUSTrejectanyfurtherAUTHcommandswitha503reply/TheAUTHcommandisnotpermittedduringamailtransaction/Discussion/Th
7、eAUTHcommandindicatesanauthenticationmechanismtotheserver/Iftheserversupportstherequestedauthenticationmechanism/itperformsanauthenticationprotocolexchangetoauthenticateandidentifytheuser/Optionally/italsonegotiatesasecuritylayerforsubsequentprotocolinteractions/Iftherequestedauthenticationmechanism
8、isnotsupported/theserverrejectstheAUTHcommandwitha504reply/Theauthenticationprotocolexchangeconsistsofaseriesofserverchallengesandclientanswersthatarespecifictotheauthenticationmechanism/Aserverchallenge/otherwiseknownasareadyresponse/isa334replywiththetextpartcontainingaBASE64encodedstring/Theclien
9、tanswerconsistsofalinecontainingaBASE64encodedstring/Iftheclientwishestocancelanauthenticationexchange/itissuesalinewithasingle*/Iftheserverreceivessuchananswer/itMUSTrejecttheAUTHcommandbysendinga501reply/Theoptionalinitial-responseargumenttotheAUTHcommandisusedtosavearoundtripwhenusingauthenticati
10、onmechanismsthataredefinedtosendnodataintheinitialchallenge/Whentheinitial-responseargumentisusedwithsuchamechanism/theinitialemptychallengeisnotsenttotheclientandtheserverusesthedataintheinitial-responseargumentasifitweresentinresponsetotheemptychallenge/Unlikeazero-lengthclientanswertoa334reply/az
11、ero-lengthinitialresponseissentasasingleequalssign(=)/Iftheclientusesaninitial-responseargumenttotheAUTHcommandwithamechanismthatsendsdataintheinitialchallenge/theserverrejectstheAUTHcommandwitha535reply/IftheservercannotBASE64decodetheargument/itrejectstheAUTHcommandwitha501reply/Iftheserverrejects
12、theauthenticationdata/itSHOULDrejecttheAUTHcommandwitha535replyunlessamorespecificerrorcode/suchasonelistedinsection6/isappropriate/Shouldtheclientsuccessfullycompletetheauthenticationexchange/theSMTPserverissuesa235reply/TheservicenamespecifiedbythisprotocolsprofileofSASLissmtp/Ifasecuritylayerisne
13、gotiatedthroughtheSASLauthenticationexchange/ittakeseffectimmediatelyfollowingtheCRLFthatconcludestheauthenticationexchangefortheclient/andtheCRLFofthesuccessreplyfortheserver/Uponasecuritylayerstakingeffect/theSMTPprotocolisresettotheinitialstate(thestateinSMTPafteraserverissuesa220servicereadygree
14、ting)/TheserverMUSTdiscardanyknowledgeobtainedfromtheclient/suchastheargumenttotheEHLOcommand/whichwasnotobtainedfromtheSASLnegotiationitself/TheclientMUSTdiscardanyknowledgeobtainedfromtheserver/suchasthelistofSMTPserviceextensions/whichwasnotobtainedfromtheSASLnegotiationitself(withtheexceptiontha
15、taclientMAYcomparethelistofadvertisedSASLmechanismsbeforeandafterauthenticationinordertodetectanactivedown-negotiationattack)/TheclientSHOULDsendanEHLOcommandasthefirstcommandafterasuccessfulSASLnegotiationwhichresultsintheenablingofasecuritylayer/Theserverisnotrequiredtosupportanyparticularauthenti
16、cationmechanism/norareauthenticationmechanismsrequiredtosupportanysecuritylayers/IfanAUTHcommandfails/theclientmaytryanotherauthenticationmechanismbyissuinganotherAUTHcommand/IfanAUTHcommandfails/theserverMUSTbehavethesameasiftheclienthadnotissuedtheAUTHcommand/TheBASE64stringmayingeneralbearbitrari
17、lylong/ClientsandserversMUSTbeabletosupportchallengesandresponsesthatareaslongasaregeneratedbytheauthenticationmechanismstheysupport/independentofanylinelengthlimitationstheclientorservermayhaveinotherpartsofitsprotocolimplementation/Examples/S/ESMTPserverreadyC/EHLOS/250-S/250AUTHCRAM-MD5DIGEST-MD5
18、C/AUTHFOOBARS/504Unrecognizedauthenticationtype/C/AUTHCRAM-MD5S/334PENCeUxFREJoU0NnbmhNWitOMjNGNndAZWx3b29kLmlubm9zb2Z0LmNvbT4=C/ZnJlZCA5ZTk1YWVlMDljNDBhZjJiODRhMGMyYjNiYmFlNzg2ZQ=S/235Authenticationsuccessful/5/TheAUTHparametertotheMAILFROMcommandAUTH=addr-specArguments/Anaddr-speccontainingtheiden
19、titywhichsubmittedthemessagetothedeliverysystem/orthetwocharactersequenceindicatingsuchanidentityisunknownorinsufficientlyauthenticated/TocomplywiththerestrictionsimposedonESMTPparameters/theaddr-specisencodedinsideanxtext/Thesyntaxofanxtextisdescribedinsection5ofESMTP-DSN/Discussion/TheoptionalAUTH
20、parametertotheMAILFROMcommandallowscooperatingagentsinatrustedenvironmenttocommunicatetheauthenticationofindividualmessages/Iftheservertruststheauthenticatedidentityoftheclienttoassertthatthemessagewasoriginallysubmittedbythesuppliedaddr-spec/thentheserverSHOULDsupplythesameaddr-specinanAUTHparameterwhenrelayingthemessagetoany
免责声明:
1. 《外文翻译--SMTP服务扩展的认证机制》内容来源于互联网,版权归原著者或相关公司所有。
2. 若《86561825文库网》收录的文本内容侵犯了您的权益或隐私,请立即通知我们删除。