James Server
  1. James Server
  2. JAMES-126

Add support for APOP authentication protocol

    Details

    • Type: New Feature New Feature
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Won't Fix
    • Affects Version/s: 2.1
    • Fix Version/s: 3.0-M1
    • Component/s: POP3Server
    • Labels:
      None
    • Environment:
      Operating System: Other
      Platform: Other

      Description

      APOP is POP with an encrypted password. For details, see:

      http://asg.web.cmu.edu/rfc/rfc1725.html

        Activity

        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Closed Closed
        2522d 10h 29m 1 Norman Maurer 30/Jul/10 11:54
        Mark Thomas made changes -
        Workflow Default workflow, editable Closed status [ 12566688 ] jira [ 12582209 ]
        Mark Thomas made changes -
        Workflow jira [ 23453 ] Default workflow, editable Closed status [ 12566688 ]
        Norman Maurer made changes -
        Fix Version/s 3.0-M1 [ 12314294 ]
        Fix Version/s Trunk [ 12312135 ]
        Norman Maurer made changes -
        Status Open [ 1 ] Closed [ 6 ]
        Resolution Won't Fix [ 2 ]
        Hide
        Norman Maurer added a comment -

        We don't store passwords in plan text so no way to support this

        Show
        Norman Maurer added a comment - We don't store passwords in plan text so no way to support this
        Stefano Bagnara made changes -
        Fix Version/s Next Major [ 10427 ]
        Fix Version/s Trunk [ 12312135 ]
        Norman Maurer made changes -
        Fix Version/s 3.0 [ 10427 ]
        Fix Version/s 2.4.0 [ 12311645 ]
        Hide
        Stefano Bagnara added a comment -

        The problem with APOP is that James currently does not store the user password in plain text but only an hash of the password itself. The verification algorythm for APOP need to know the plain text password to calculate the MD5 digest so to support APOP we should prior support different hashing algorythm and provide APOP only when the PLAIN (NONE) hash is chose.

        Show
        Stefano Bagnara added a comment - The problem with APOP is that James currently does not store the user password in plain text but only an hash of the password itself. The verification algorythm for APOP need to know the plain text password to calculate the MD5 digest so to support APOP we should prior support different hashing algorythm and provide APOP only when the PLAIN (NONE) hash is chose.
        Stefano Bagnara made changes -
        Bugzilla Id 22893
        Fix Version/s 2.4.0 [ 12311645 ]
        Noel J. Bergman made changes -
        Environment Operating System: Other
        Platform: Other
        Operating System: Other
        Platform: Other
        Type Bug [ 1 ] New Feature [ 2 ]
        Assignee James Developers Mailing List [ server-dev@james.apache.org ]
        Priority Minor [ 4 ]
        Description APOP is POP with an encrypted password. For details, see:

        http://asg.web.cmu.edu/rfc/rfc1725.html
        APOP is POP with an encrypted password. For details, see:

        http://asg.web.cmu.edu/rfc/rfc1725.html
        Serge Knystautas made changes -
        Field Original Value New Value
        issue.field.bugzillaimportkey 22893 13458
        Hide
        Noel J. Bergman added a comment -

        According to the page you referenced:

        • Secure Password Authentication (SPA) only supports Active Directory
          integrated authentication and local Windows accounts authentication.
        • If you are using an e-mail client other than Outlook Express, check
          your product documentation for information about how to configure
          your e-mail client to use Secure Password Authentication (SPA)
          (also known as NTLM Authentication).

        SPA is not APOP, according to Microsoft.

        Again, feel free to submit an APOP patch, but I don't believe that you will
        get the results you expect.

        Show
        Noel J. Bergman added a comment - According to the page you referenced: Secure Password Authentication (SPA) only supports Active Directory integrated authentication and local Windows accounts authentication. If you are using an e-mail client other than Outlook Express, check your product documentation for information about how to configure your e-mail client to use Secure Password Authentication (SPA) (also known as NTLM Authentication). SPA is not APOP, according to Microsoft. Again, feel free to submit an APOP patch, but I don't believe that you will get the results you expect.
        Hide
        Matt Bishop added a comment -

        Sorry, I spent some time this weekend helping someone set up their client to use SMTP Auth.

        Outlook does support APOP, though they call it "Secure Password Authentication":

        http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/
        windowsserver2003/proddocs/entserver/POP3_howTo_server_enableSPA.asp

        Outlook for Mac OS:
        http://support.microsoft.com/default.aspx?scid=kb;en-us;300506

        Show
        Matt Bishop added a comment - Sorry, I spent some time this weekend helping someone set up their client to use SMTP Auth. Outlook does support APOP, though they call it "Secure Password Authentication": http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/ windowsserver2003/proddocs/entserver/POP3_howTo_server_enableSPA.asp Outlook for Mac OS: http://support.microsoft.com/default.aspx?scid=kb;en-us;300506
        Hide
        Matt Bishop added a comment -

        The clients I know about that support APOP are:

        Outlook 2002 (Look at Outgoing Server -> My outgoing server (SMTP) requires authentication)
        Outlook Express (Windows, Mac)
        Eudora (Windows, Mac)
        Entourage (Mac)
        Mail (Mac)
        Netscape 7 (Windows, Mac)

        I'll create a patch and test it on these clients before submitting.

        Show
        Matt Bishop added a comment - The clients I know about that support APOP are: Outlook 2002 (Look at Outgoing Server -> My outgoing server (SMTP) requires authentication) Outlook Express (Windows, Mac) Eudora (Windows, Mac) Entourage (Mac) Mail (Mac) Netscape 7 (Windows, Mac) I'll create a patch and test it on these clients before submitting.
        Hide
        Noel J. Bergman added a comment -

        Do you feel like submitting a patch to POP3Handler.java to implement APOP
        support?

        One issue, as I understand it, is that very few clients actually support
        APOP. Neither Mozilla nor Outlook do, according to what I've read, although
        Eudora is reported to do so. The preferred solution is TLS, which we already
        support.

        Show
        Noel J. Bergman added a comment - Do you feel like submitting a patch to POP3Handler.java to implement APOP support? One issue, as I understand it, is that very few clients actually support APOP. Neither Mozilla nor Outlook do, according to what I've read, although Eudora is reported to do so. The preferred solution is TLS, which we already support.
        Matt Bishop created issue -

          People

          • Assignee:
            Unassigned
            Reporter:
            Matt Bishop
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development