[tpop3d-discuss] Re: New feature thought / part of TODO / auth_perl_user hook?

Chris Lightfoot chris at ex-parrot.com
Thu, 23 Oct 2003 10:48:29 +0100


On Thu, Oct 09, 2003 at 10:05:26PM -0400, Dave Baker wrote:
> 
> It seems that apop_only doesn't (shouldn't?) have meaning within a TLS
> transaction so as a really quick hit to make tpop3d work for what I need
> (I just gained an outlook user ... it doesn't support apop, but will do
> tls so that was the final nudge into opening port 995 at the firewall).
> 
> As I recall (it may even have been me who requested apop_only in the first
> place ...) the only purpose of apop_only is to try to close the network
> connection without giving a plain-text client the opportunity for sending
> a password over the wire.  Depending on how much we trust SSL/TLS that
> requirement either disappears completely, or gets greatly obsoleted.
> 
> 
> Is this so obvious that I'm wasting my time mentioning it?  

No, this is sensible. I've now incorporated this into the
CVS version.

-- 
``I don't want to go to heaven with a headache.
  I'd be all cross and wouldn't enjoy it.''
  (from The Hitchhiker's Guide To The Galaxy, by Douglas Adams)