From 0e7ff9cb9b8483e188febe76ccffefb66d75c97e Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Fri, 6 Apr 2007 18:01:39 +0000 Subject: Flank APOP by comments about it being insecure. svn path=/branches/BRANCH_6-3/; revision=5084 --- fetchmail-FAQ.html | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'fetchmail-FAQ.html') diff --git a/fetchmail-FAQ.html b/fetchmail-FAQ.html index 034a4111..f6b26e93 100644 --- a/fetchmail-FAQ.html +++ b/fetchmail-FAQ.html @@ -627,11 +627,12 @@ autoprobe facility will detect it and tell you if you have it). If you see something in the greeting line that looks like an angle-bracket-enclosed Internet address with a numeric left-hand part, that's an APOP challenge (it will vary each time you log in). -You can register a secret on the host (using -popauth(8) or some program like it). Specify the +For some hosts, you need to register a secret on the host (using +popauth(8) or some program like that). Specify the secret as your password in your .fetchmailrc; it will be used to encrypt the current challenge, and the encrypted form will be sent -back the the server for verification.

+back the the server for verification. Note that APOP is no longer +considered secure since March 2007.

Alternatively, you may have Kerberos available. This may require you to set up some magic files in your home directory on your @@ -647,8 +648,8 @@ present by looking for AUTH=KERBEROS_V4 in the CAPABILITY response.

If you are fetching mail from a CompuServe POP3 account, you can -use their RPA authentication (which works much like APOP). See I1 for details. If you are fetching mail from +use their RPA authentication. See I1 for details. +If you are fetching mail from Microsoft Exchange using IMAP, you will be able to use NTLM.

Your POP3 server may have the RFC1938 OTP capability to use -- cgit v1.2.3