On Sun, Jul 02, 2000 at 04:52:25PM -0700, Tom Fishwick wrote:
> Adam McKenna wrote:
> >
> > On Sun, Jul 02, 2000 at 11:47:20PM +0200, Peter van Dijk wrote:
> > > On Sun, Jul 02, 2000 at 12:53:04PM -0700, Joseph R. Junkin wrote:
> > > > What exactly is APOP?
> > >
> > > APOP is an authentication mechanism for POP, in which passwords are not
> > > transmitted cleartext but *do* need to be in a cleartext-list on the
> > > server.
> >
> > Which is the reason I'll never use it.
>
> The way I understand it is that apop uses more of a secret and not a
> password. I just finished putting in apop support for a pop server I
> wrote for a webmail system. Users don't use their normal password, but
> instead have the server generate a random secret that is about 50
> characters long, then they cut/paste that secret into their MUA. Also,
> according to rfc1939 a pop3 account shouldn't allow both user/pass and
> apop for a given user.

First of all, I really didn't need 4 copies of that e-mail.
What I said was that I'll never use APOP because it requires the passwords to
be stored in cleartext on the server. Which part of that are you disagreeing
with?
--Adam
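
The APOP check discussed in this thread, as an added example that is not part of the original messages or of any poster's server code: the server recomputes MD5 over the greeting timestamp followed by the shared secret, so it has to hold the secret itself rather than a one-way hash of it. The timestamp, secret and digest are the example values from RFC 1939; the function names, the 50-character default and the second timestamp are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string


def generate_secret(length=50):
    """Random per-mailbox APOP secret to paste into the MUA (length is an assumption)."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def apop_digest(timestamp, secret):
    """RFC 1939 APOP digest: hex MD5 over the greeting timestamp followed by the secret."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()


def server_verify(timestamp, stored_value, client_digest):
    """Server side: recompute the digest from whatever is stored for the mailbox."""
    expected = apop_digest(timestamp, stored_value)
    return hmac.compare_digest(expected, client_digest.lower())


# Values from the example exchange in RFC 1939.
RFC_TIMESTAMP = "<1896.697170952@dbc.mtview.ca.us>"
RFC_SECRET = "tanstaaf"
RFC_DIGEST = "c4c9334bac560ecc979e58001b3e22fb"


def demo():
    results = {}
    # Server keeps the secret itself: the client's digest verifies.
    results["cleartext_store"] = server_verify(RFC_TIMESTAMP, RFC_SECRET, RFC_DIGEST)
    # Server keeps only a one-way hash of the secret: it cannot rebuild the digest.
    hashed_only = hashlib.sha256(RFC_SECRET.encode("ascii")).hexdigest()
    results["hashed_store"] = server_verify(RFC_TIMESTAMP, hashed_only, RFC_DIGEST)
    # A captured digest is bound to one greeting; a new timestamp (constructed) rejects it.
    fresh = "<1897.697170953@dbc.mtview.ca.us>"
    results["replayed"] = server_verify(fresh, RFC_SECRET, RFC_DIGEST)
    return results


if __name__ == "__main__":
    print(demo())
```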