Jonghoon writes:
> I am running popper daemon on afs client for reading e-mail with Eudora.
> But I'm not sure popper daemon can authenticate AFS password.
> I appreciate if someone let me know how to make popper authenticate AFS
> password.
If you are going to use kerberos, it is strongly preferable
to use kpop instead of pop. Plain pop sends passwords
over the wire in the clear. This enables any malicious
person anywhere on the network path to trivially obtain
a copy of any password(s) used. One of the main features
of kerberos is that a person sniffing on the wire cannot
obtain passwords (*provided the person has selected a
good password). If you were to use plain pop with
an adapted pop server that could verify kerberos passwords,
you would be significantly compromising the usefulness
of kerberos in your environment.
I *believe* recent versions of eudora support kpop.
You should consult with the eudora people to find out
just how complete that support is. However, there is
a fair chance that it can be made to work with kpop
without too much difficulty. You will probably need
authman (macintosh) or mit's kerberos dll (ms windows);
current versions of both of these support AFS string
to key and should suffice for your environment.
There are plenty of copies of pop daemons that support
kpop. The one my workgroup happens to use is:
/afs/umich.edu/group/itd/ftp/sysadm/mail/kpop-1.831.tar.Z
(but read README file before using). I assume you have
a compiled kerberos library to link with this; if
not, chances are this is useless.
-Marcus Watts
UM ITD PD&D Umich Systems Group
