[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Secure pop
> On Fri, 10 Sep 1999, Rick Ballard wrote:
> ~ Try setting up your pop clients and server to use APOP. It does not
> ~ send passwords in the clear. I am using it with an exim server and
> ~ pegasus clients. I think outlook can do APOP, but I'm not entirely
> ~ sure.
> hmm.. can you eleborate what authentication scheme does it use then?
APOP uses a shared secret and an MD5 hash of a timestamp from the
server plus the shared secret. APOP gets around the problem of transmitting
the POP password in the clear. It does not encrypt the message itself. Two
clients that can use APOP are Eudora and Pegasus. The Qpopper and
Pop3d POP servers can use APOP. See RFC1939. APOP is an optional
command in the POP protocol, and so is not implemented in all servers or
Halifax, Nova Scotia, Canada