Re: [fetchmail] Why is APOP a protocol and not an authentication mechanism? bcl Wed Aug 06 16:00:49 2003

On Tue, Aug 05, 2003 at 09:54:48AM -0400, Kee Hinckley wrote:
> Can anyone see any problems (which is to say, would it be accepted) 
> if I generated a patch that allowed specifying APOP as an 
> authentication?  I wouldn't change the protocol option at all, so 
> nothing would change in that behavior.
> The only behavioral changes would be:
>       protocol POP3 and auth APOP would work
> and
>       protocol POP3 and auth ANY would try APOP (if it is supported)
>       immediately after trying CRAM-MD5
> The reason is that I'm trying to automatically find the most secure 
> method to connect to someone's POP3 server, and it's currently not 
> possible to do that by using AUTH any, because on many servers it 
> will fall back to password even though it could have done APOP.
> Comments?

Sounds like a very good idea to me, and it makes more sense -- APOP is not a
protocol, it's an authentication. The only difference from POP3 is at the
start of the session.


--[Inside 72.5F]--[Outside 56.6F]--[Gonzo 74.2F]--[Coaster 56.1F]--
Linux Software Developer                     http://www.brianlane.com
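
The mechanism ordering proposed in this thread, as an added example that is not part of the original messages or fetchmail's code. The function names and the `allow_plaintext` switch are assumptions made for illustration; APOP support is detected from the timestamp in the server greeting, as RFC 1939 specifies.

```python
import hashlib
import re

# RFC 1939: a server that supports APOP puts a msg-id style timestamp
# (<process-id.clock@hostname>) in its +OK greeting banner.
TIMESTAMP_RE = re.compile(r"<[^<>\s]+@[^<>\s]+>")

def apop_timestamp(greeting):
    """Return the APOP timestamp from the greeting, or None if absent."""
    if not greeting.startswith("+OK"):
        return None
    match = TIMESTAMP_RE.search(greeting)
    return match.group(0) if match else None

def apop_command(user, secret, greeting):
    """Build the APOP command: MD5 over timestamp + shared secret, lowercase hex."""
    stamp = apop_timestamp(greeting)
    if stamp is None:
        raise ValueError("server greeting carries no APOP timestamp")
    digest = hashlib.md5((stamp + secret).encode("ascii")).hexdigest()
    return f"APOP {user} {digest}"

def auth_order(greeting, capa_lines, allow_plaintext=False):
    """Order the mechanisms for 'auth any' as proposed: CRAM-MD5, then APOP.

    USER/PASS is offered only when the caller opts in (hypothetical switch),
    so a server that could have done APOP is never sent a cleartext password.
    """
    sasl = set()
    for line in capa_lines:
        words = line.split()
        if words and words[0].upper() == "SASL":
            sasl.update(w.upper() for w in words[1:])
    order = []
    if "CRAM-MD5" in sasl:
        order.append("CRAM-MD5")
    if apop_timestamp(greeting) is not None:
        order.append("APOP")
    if allow_plaintext:
        order.append("PASSWORD")
    return order

# Constructed sample input; the greeting, user and secret are the RFC 1939 example.
GREETING = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
CAPA = ["TOP", "UIDL", "SASL CRAM-MD5 PLAIN"]

if __name__ == "__main__":
    print(auth_order(GREETING, CAPA))
    print(apop_command("mrose", "tanstaaf", GREETING))
```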