On Thu, Jul 31, 2003 at 12:11:35PM -0400, Kee Hinckley wrote:
along with some code in the APOP case that fell back to PASSWORD if the
APOP wasn't available. That would be a logical progression if APOP were
an authentication mechanism, but given that it's stored as a protocol
I'm iffy about making any such change.
So in summary. Why shouldn't we map APOP protocol requests into POP3
protocol requests with an authorization of APOP and put it in the normal
path of "find the most secure protocol" that is already there?
If I understand you correctly you are proposing having APOP fall back to
POP3 when it isn't available from the server? The problem I have with that
is that fetchmail will then be revealing passwords in the clear without the
express configuration of the admin. When I set it up for APOP I don't expect
my passwords to be going across the link, no matter what.
Brian
--
--[Inside 77.3F]--[Outside 74.0F]--[Gonzo 78.1F]--[Coaster 63.3F]--
Linux Software Developer http://www.brianlane.com
pgpcmrJClBtb5.pgp
Description: PGP signature