Re: What is APOP?

At 07:11 PM 7/2/2000 , Tom Fishwick wrote: Adam McKenna wrote: [snip] auth. Sure it's not totally secure, but I think it protects well enough against the average user that checks for new mail every 5 min. Especially (as was pointed out earlier) since the item the password is protecting was

Re: What is APOP?

On Sun, Jul 02, 2000 at 08:43:56PM -0500, Troy Frericks wrote: At 07:11 PM 7/2/2000 , Tom Fishwick wrote: Adam McKenna wrote: [snip] auth. Sure it's not totally secure, but I think it protects well enough against the average user that checks for new mail every 5 min. Especially (as

Re: What is APOP?

Adam McKenna wrote: On Sun, Jul 02, 2000 at 11:47:20PM +0200, Peter van Dijk wrote: On Sun, Jul 02, 2000 at 12:53:04PM -0700, Joseph R. Junkin wrote: What exactly is APOP? APOP is an authentication mechanism for POP, in which passwords are not transmitted cleartext but *do* need

Re: What is APOP?

Adam McKenna wrote: On Sun, Jul 02, 2000 at 11:47:20PM +0200, Peter van Dijk wrote: On Sun, Jul 02, 2000 at 12:53:04PM -0700, Joseph R. Junkin wrote: What exactly is APOP? APOP is an authentication mechanism for POP, in which passwords are not transmitted cleartext but *do* need

Re: What is APOP?

On Sun, Jul 02, 2000 at 04:52:25PM -0700, Tom Fishwick wrote: Adam McKenna wrote: On Sun, Jul 02, 2000 at 11:47:20PM +0200, Peter van Dijk wrote: On Sun, Jul 02, 2000 at 12:53:04PM -0700, Joseph R. Junkin wrote: What exactly is APOP? APOP is an authentication mechanism for POP

What is APOP?

What exactly is APOP? Is it supported by outlook and Netscape (ie typical clients)? At qmail.org, I found : http://www.geocities.co.jp/SiliconValley/4777/qmail/checkpw/index.html This program seems to put the qmail password into the user's directory for both POP and APOP. Is the idea to allow

Re: What is APOP?

On Sun, Jul 02, 2000 at 12:53:04PM -0700, Joseph R. Junkin wrote: What exactly is APOP? APOP is an authentication mechanism for POP, in which passwords are not transmitted cleartext but *do* need to be in a cleartext-list on the server. Is it supported by outlook and Netscape (ie typical

Re: What is APOP?

On Sun, Jul 02, 2000 at 11:47:20PM +0200, Peter van Dijk wrote: On Sun, Jul 02, 2000 at 12:53:04PM -0700, Joseph R. Junkin wrote: What exactly is APOP? APOP is an authentication mechanism for POP, in which passwords are not transmitted cleartext but *do* need to be in a cleartext-list

Re: What is APOP?

Initially I thought I saw your point, but I was wrong. You don't seem to be making any sense. On Sun, Jul 02, 2000 at 10:17:23PM -0400, Adam McKenna wrote: [this sentence originally came after the next quoted block] If he can find a security hole that allows him to read files that don't

Re: What is APOP?

Adam McKenna wrote: On Sun, Jul 02, 2000 at 04:52:25PM -0700, Tom Fishwick wrote: Adam McKenna wrote: On Sun, Jul 02, 2000 at 11:47:20PM +0200, Peter van Dijk wrote: On Sun, Jul 02, 2000 at 12:53:04PM -0700, Joseph R. Junkin wrote: What exactly is APOP? APOP

Re: What is APOP?

On Mon, Jul 03, 2000 at 12:17:05AM -0400, Adam McKenna wrote: On Sun, Jul 02, 2000 at 08:44:23PM -0700, Brian D. Winters wrote: Make the list readable only by root. Now a local user effectively needs root access to read the APOP secrets. Once that local user has rooted the box, I don't