[tpop3d-discuss] APOP + {crypt} together

Paul Makepeace beasts.org at paulm.com
Wed, 6 Aug 2003 15:56:09 +0100

Some clients appear to try APOP first then on failure have a go with
standard plaintext auth which typically is crypted on the server[1].
Since auth failures are syslogged as errors[2] this is cluttering up
"real" errors.

I can't see an obvious way of enabling both APOP & crypt since it's
all funnelled via auth-flatfile, unless I'm missing something in
the UK heat. One possible patch could be to have multiple usernames in
the file,


This would require a hack to read_user_password to scan for a particular
scheme too.



[1] Wow, reading it that way it really hits home what an anachronism
    that scheme is.
[2] Seems a bit strong to me.
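
Added example, not part of the original post and not tpop3d's code: a Python sketch of the scheme-aware lookup the message proposes, showing why an APOP attempt against a `{crypt}`-only entry must fail before the client falls back to plaintext auth. The `user:{scheme}value` layout, the `{plaintext}` tag, the function names and the file contents are assumptions constructed for illustration; the APOP digest follows RFC 1939.

```python
import hashlib
import hmac

# Constructed sample file: one line per (user, scheme) pair. The layout is an
# assumption, and the {crypt} values are placeholders, not real hashes.
SAMPLE_FLATFILE = """\
mrose:{plaintext}tanstaaf
mrose:{crypt}XXconstructedXX
alice:{crypt}YYconstructedYY
"""


def find_password(flatfile, user, scheme):
    """Return the stored value for `user` under `scheme`, or None.

    Hypothetical stand-in for a scheme-aware lookup: it scans every line
    instead of stopping at the first username match.
    """
    tag = "{" + scheme + "}"
    for line in flatfile.splitlines():
        name, sep, field = line.partition(":")
        if sep and name == user and field.startswith(tag):
            return field[len(tag):]
    return None


def apop_digest(timestamp, secret):
    """RFC 1939 APOP: hex MD5 of the greeting timestamp followed by the secret."""
    return hashlib.md5((timestamp + secret).encode()).hexdigest()


def check_apop(flatfile, user, timestamp, digest):
    """Verify an APOP response.

    The server must recompute the digest from the cleartext secret, so a user
    who only has a {crypt} entry can never pass APOP and the attempt is logged
    as a failure before the client retries with USER/PASS.
    """
    secret = find_password(flatfile, user, "plaintext")
    if secret is None:
        return False
    return hmac.compare_digest(apop_digest(timestamp, secret), digest.lower())
```

Keeping a cleartext secret beside the crypt hash means the hash no longer protects that password if the file is read, so such a file needs the same protection as a plaintext password store.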

