[EMAIL PROTECTED] writes: > For the user to send tmda-ofmipd this hashed value, doesn't the user > need to have access to the one-time challenge string from the pop > server?
No, this is all negotiated by the client (e.g, Eudora, tmda-ofmipd). The user just needs to know his "shared secret" which is substituted for his plaintext password. See http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc1460.html for more about APOP. Do you think you might have use for APOP support in tmda-ofmipd? If so, I can try and hack it in. _________________________________________________ tmda-workers mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-workers
