3.1.5.1 Receiving a Server Challenge

When the client receives a 334 response, as specified in [RFC4954] section 6, it SHOULD check whether the response matches the format specified by the auth_login_username_challenge or auth_login_password_challenge ABNF rules, as specified in section 2.2.2. If the response does not match either format, it SHOULD cancel the authentication, as specified in [RFC4954]. The client MAY<3> instead simply assume that the server challenges are in the proper format, according to the following rules:

  • If the client omits the Username in the auth_login_command, the client assumes that the first server challenge matches the auth_login_username_challenge ABNF rule and any subsequent server challenge matches the auth_login_password_challenge ABNF rule. The client MAY cancel the authentication if a third server challenge is received.

  • If the client includes the Username in the auth_login_command, the client assumes that the first server challenge matches the auth_login_password_challenge ABNF rule. The client MAY cancel the authentication if a second server challenge is received.

In response to a challenge that matches the auth_login_username_challenge ABNF rule, the client MUST send a response that conforms to the auth_login_username_response ABNF rule with the Username, as specified in section 2.2.2.

In response to a challenge that matches the auth_login_password_challenge ABNF rule, the client MUST send a response that conforms to the auth_login_password_response ABNF rule with the Password, as specified in section 2.2.2.
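The following sketch is an added example, not part of this specification. It shows the strict (SHOULD) behavior described above: each 334 response is matched against the expected challenge, and the client cancels rather than answering an unrecognized, out-of-order, or surplus challenge with a credential. The class and method names are hypothetical. The challenge payloads (base64 of "Username:" and "Password:"), exact-match comparison, and UTF-8 encoding of the credentials are assumptions, because section 2.2.2 is not reproduced here.

```python
import base64

# Assumption: section 2.2.2 is not reproduced on this page; the challenge
# payloads used here are base64("Username:") and base64("Password:").
USERNAME_CHALLENGE = "334 " + base64.b64encode(b"Username:").decode("ascii")
PASSWORD_CHALLENGE = "334 " + base64.b64encode(b"Password:").decode("ascii")
CANCEL = "*\r\n"  # RFC 4954: a line containing only "*" cancels the exchange


class StrictLoginClient:
    """Hypothetical client-side state machine for the AUTH LOGIN challenges."""

    def __init__(self, username, password, username_in_command=False):
        self._secrets = {USERNAME_CHALLENGE: username, PASSWORD_CHALLENGE: password}
        # Challenges still expected, in order. If the Username was already sent
        # in the auth_login_command, only the password challenge is valid.
        self._expected = [PASSWORD_CHALLENGE]
        if not username_in_command:
            self._expected.insert(0, USERNAME_CHALLENGE)
        self.cancelled = False

    def respond(self, line):
        """Return the line to send in reply to one 334 response."""
        challenge = line.rstrip("\r\n")
        if self.cancelled or not self._expected or challenge != self._expected[0]:
            # Unknown, out-of-order or surplus challenge: never answer it
            # with a credential, cancel instead.
            self.cancelled = True
            self._expected = []
            return CANCEL
        self._expected.pop(0)
        value = self._secrets[challenge].encode("utf-8")  # UTF-8 is an assumption
        return base64.b64encode(value).decode("ascii") + "\r\n"


if __name__ == "__main__":
    client = StrictLoginClient("alice", "s3cret")  # constructed credentials
    for server_line in ("334 VXNlcm5hbWU6\r\n", "334 UGFzc3dvcmQ6\r\n"):
        print(repr(client.respond(server_line)))
```

A client that takes the MAY<3> path skips the comparison against the expected challenge and keeps only the count-based checks from the two bullets above.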