We *used* to use either AFS *or* MIT kerberos libraries to support KPOP, as
well as IMAP2bis with Pine and Simeon. However as we moved to mostly AFS
based mailspools this code was not useful since users now needed an AFS
token to get to their mail spool. You would need to pass the AFS token over
also, and I never bothered. There were too many mail clients out their that
I did not have source for. I have not been keen on the KeyFile sort of trick
that Ken was refering to either.
That said, using SSL to tunnel to the POP or IMAP server can also work.
The SPOP port is 995.
The SIMAP port is 993.
There is this little ssl program "edsll" that listens on an "SSL-port" and
forwards to the normal port. We have not put this in production, but have
been fiddeing with it in house.
We also expect to use this with our news/nntp server.
The SNEWS port is 563.
This way we can open our news server to users outside our domain as long as
they can authenticate (encrypted) to our servers. Since SSL is being
implemented in many clients now, we should not have to be too worried about
what software the users ISP's have. And since netscape is free....
This sort of solution is nice because users do not have to care what a given
sites backend authentication is (kerberos {4,5}, AFS tokens, NT ??, password
file, etc). They just type in their passwords (in an encrypted session) like
they would logging in.
Randall
