[EMAIL PROTECTED] writes:

> As I understand it, in order for a client that connects to
> tmda-ofmipd to be able to use the APOP form of authentication, it
> would need to somehow obtain what is referred to as a timestamp in
> the aforementioned document:

No. Only tmda-ofmipd needs to worry about that timestamp since only it
is interacting with the pop3 server.

A normal use of APOP is say between an MUA like Eudora, and a pop3
server. The user enters his username and shared secret into his Eudora
configuration. When he retrieves his incoming mail, Eudora handles the
APOP negotiation with the server. The user need not be concerned with
these details. Right?

tmda-ofmipd is substituted for Eudora in this equation. You would use
your APOP username and shared secret as the username/password in the
SMTP authentication configuration of whatever MUA you are using. When
that MUA connects to tmda-ofmipd, it uses the username and shared
secret to authenticate. Once tmda-ofmipd has these pieces, it will
connect to the pop3 server and perform APOP authentication to verify
them.

> So, how does the client's software obtain this timestamp when
> connecting to tmda-ofmipd -- and how is it that the client would
> know to perform:
>
> MD5(timestamp + secret)
>
> given that it thinks it is speaking SMTP AUTH?

The client gives secret to tmda-ofmipd when authenticating. Once
tmda-ofmipd has secret, it uses it to do the APOP authentication.
Therefore it isn't necessary for the client to do this. Remember, the
client isn't performing any pop3 operations. It is simply using the
pop3 auth information to do SMTP authentication to send outgoing mail.

Does this make more sense? Either I've confused you further, or that
helped.

> [1] I doubt I'm the only admin on the planet who only allows APOP
> access to the pop server (-;

True. I've now added APOP support to tmda-ofmipd. Give it a try and
see if that helps clarify things.

Start tmda-ofmipd with something like:

  # tmda-ofmipd -d -R apop://acl.lanl.gov

In your MUA, remember that you have to use either LOGIN or PLAIN (not
CRAM-MD5) for the SMTP auth method. For your SMTP auth username, enter
your APOP username, and for your SMTP auth password, enter your APOP
shared secret phrase.

Watching the tmda-ofmipd debugging info, you'll see something like the
following when the client authenticates successfully:

  Data: 'AUTH PLAIN'
  Data: 'AGphc29ucm0AZmx1bmtlcno='
  trying apop connection to [EMAIL PROTECTED]:110
  Auth: succeeded for user 'jasonrm'

Let me know how it goes.

_________________________________________________
tmda-workers mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-workers
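An added illustration of the relay described in the reply above, not code from tmda-ofmipd or from the post: the proxy side decodes the AUTH PLAIN blob the MUA sends, extracts the timestamp from the POP3 greeting, and builds the APOP command itself, so the client never handles the timestamp. The greeting, username and secret below are constructed sample values.

```python
import base64
import hashlib
import re

# Constructed sample values for a stand-alone run (not taken from the post).
SAMPLE_USER = "alice"
SAMPLE_SECRET = "s3cret phrase"
SAMPLE_GREETING = "+OK POP3 server ready <1896.697170952@pop.example.com>"


def encode_auth_plain(user, secret):
    """What the MUA sends after 'AUTH PLAIN' (RFC 4616): base64 of
    authzid NUL authcid NUL passwd, with an empty authorization id.
    Base64 is encoding, not encryption: the shared secret is readable
    by anyone who can observe the SMTP session, so protect it with TLS."""
    return base64.b64encode(("\0" + user + "\0" + secret).encode("utf-8")).decode("ascii")


def decode_auth_plain(blob):
    """Proxy side: recover (username, secret) from the AUTH PLAIN blob."""
    fields = base64.b64decode(blob).decode("utf-8").split("\0")
    if len(fields) != 3:
        raise ValueError("malformed AUTH PLAIN credential")
    _authzid, authcid, passwd = fields
    return authcid, passwd


def apop_timestamp(greeting):
    """Pull the <...> timestamp out of the POP3 banner (RFC 1939 section 7).
    A server that does not offer APOP sends a banner without one."""
    match = re.search(r"<[^>]*>", greeting)
    if match is None:
        raise ValueError("POP3 server does not offer APOP")
    return match.group(0)


def apop_digest(timestamp, secret):
    """MD5(timestamp + secret) as lowercase hex; the angle brackets are part of it."""
    return hashlib.md5((timestamp + secret).encode("utf-8")).hexdigest()


def apop_command(auth_plain_blob, greeting):
    """The APOP line the proxy sends to the POP3 server on the client's behalf."""
    user, secret = decode_auth_plain(auth_plain_blob)
    return "APOP %s %s" % (user, apop_digest(apop_timestamp(greeting), secret))


if __name__ == "__main__":
    blob = encode_auth_plain(SAMPLE_USER, SAMPLE_SECRET)
    print("client sends: AUTH PLAIN", blob)
    print("proxy sends :", apop_command(blob, SAMPLE_GREETING))
```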
