[tpop3d-discuss] APOP + {crypt} together
Paul Makepeace
beasts.org at paulm.com
Wed, 6 Aug 2003 15:56:09 +0100
Some clients appear to try APOP first then on failure have a go with
standard plaintext auth which typically is crypted on the server[1].
Since auth failures are syslogged as errors[2] this is cluttering up
"real" errors.
I can't see an obvious way of enabling both APOP & crypt since it's
all funnelled via auth-flatfile, unless I'm missing something in
the UK heat. One possible patch could be to have multiple usernames in
the file,
nick:ivXF9YywpuvK.
nick:{plaintext}password
This would require a hack to read_user_password to scan for a particular
scheme too.
Thoughts?
Paul
[1] Wow, reading it that way it really hits home what an anachronism
that scheme is.
[2] Seems a bit strong to me.
--
Paul Makepeace ....................................... http://paulm.com/
"What is this feeling that overpowers me ina summer storm? A woman."
-- http://paulm.com/toys/surrealism/