On Tue, Aug 05, 2003 at 09:54:48AM -0400, Kee Hinckley wrote:
Can anyone see any problems (which is to say, would it be accepted)
if I generated a patch that allowed specifying APOP as an
authentication? I wouldn't change the protocol option at all, so
nothing would change in that behavior.
The only behavioral changes would be:
protocol POP3 and auth APOP would work
protocol POP3 and auth ANY would try APOP (if it is supported)
immediately after trying CRAM-MD5
The reason is that I'm trying to automatically find the most secure
method to connect to someone's POP3 server, and it's currently not
possible to do that by using AUTH any, because on many servers it
will fall back to password even though it could have done APOP.
Sounds like a very good idea to me, and it makes more sense -- APOP is not a
protocol, its an authentication. The only difference from POP3 is at the
start of the session.
--[Inside 72.5F]--[Outside 56.6F]--[Gonzo 74.2F]--[Coaster 56.1F]--
Linux Software Developer http://www.brianlane.com
Description: PGP signature