On Wed, 16 Jun 1999, Sam wrote:
> Varga Robert writes:
>
> > The third is, as you can guess... is it possible to do APOP with shadow
> > passwords? Is Qmail or some extensions able to do it together?
>
> No. This procedure is not possible. According to the current physical and
> logical laws of this universe, APOP requires that passwords be stored as
> completely unencrypted, because APOP requires that the cleartext password
> be available for computing and validating the MD5 hash.
>
This probably means that the APOP database cannot be automatically
refreshed when the user changes his/her password by passwd.
Robert Varga
