Varga Robert writes:
> The third is, as you can guess... is it possible to do APOP with shadow
> passwords? Is Qmail or some extensions able to do it together?
No. This procedure is not possible. According to the current physical and
logical laws of this universe, APOP requires that passwords be stored as
completely unencrypted, because APOP requires that the cleartext password
be available for computing and validating the MD5 hash.
You have the source code to both checkpassword pop3d available, so you
shouldn't have any problems writing your own custom password validation
scheme. The MD5 hash function is defined in RFC1321, and RFC1725 specifies
how APOP validation works.
--
Sam
