[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure pop

To: misc@openbsd.org
Subject: Re: Secure pop
From: "Rick Ballard" <RBallard@fox.nstn.ca>
Date: Sun, 12 Sep 1999 14:55:27 -0300
References: <E11PUEl-00046j-00@mgate1.atl.sofkin.ca>

> On Fri, 10 Sep 1999, Rick Ballard wrote:
> 
> ~ 
> ~ Try setting up your pop clients and server to use APOP. It does not 
> ~ send passwords in the clear. I am using it with an exim server and 
> ~ pegasus clients. I think outlook can do APOP, but I'm not entirely 
> ~ sure.
> 
>  hmm.. can you eleborate what authentication scheme does it use then?

APOP uses a shared secret and an MD5 hash of a timestamp from the 
server plus the shared secret. APOP gets around the problem of transmitting 
the POP password in the clear. It does not encrypt the message itself. Two 
clients that can use APOP are Eudora and Pegasus. The Qpopper and 
Pop3d POP servers can use APOP. See RFC1939. APOP is an optional 
command in the POP protocol, and so is not implemented in all servers or 
clients.

--
Rick Ballard
Halifax, Nova Scotia, Canada

References:
- Re: Secure pop?
  - From: "Rick Ballard" <RichardBallard@xwavesolutions.com>
- Re: Secure pop
  - From: CyberPsychotic <mlists@gizmo.kyrnet.kg>

Prev by Date: Re: POP server
Next by Date: Re: PPP Server
Prev by thread: Re: Secure pop
Next by thread: Re: Secure pop?
Index(es):
- Date
- Thread