Mailing List SIMS@mail.stalker.com Message #15120
From: Bill Cole <listbill@scconsult.com>
Subject: Re: poppassd & Eudora
Date: Wed, 14 Sep 2005 18:19:44 -0400
To: SIMS Discussions <SIMS@mail.stalker.com>
At 7:34 PM -0400 9/13/05, Stefan Jeglinski  imposed structure on a stream of electrons, yielding:
I see that I have been spoiled by Eudora and a server that supports the poppassd protocol allowing a user to change their passwords via their client?

I just assumed that all e-mail clients could do this since Eudora could, and SIMS can. I since found that a) the protocol was basically invented at Qualcomm, and that b) few (none?) other pop clients support it.

And c) it is so grossly insecure that support for it should be disabled in anything capable of it.

I guess that ISPs generally have web-based tools (aka scripts) that interface to their mail servers so that users can log-on and change to a desired password?

Yes. Through an encrypted channel, usually.


My problem actually involves an EIMS server on OS9. The only way a user's password can be changed is a) I do it and therefore know the password or b) the user does it with Eudora.

I am slowly planning my move from SIMS to a *nix mailserver. How is something like this supported in postfix, for example? Are there mailservers that do this without poppassd or have particularly elegant tools for users to change their own passwords?

Postfix is purely an SMTP server. POP3 servers vary. As I don't run any POP3 server on any Unix box currently and haven't for some years, I have no answer for you (and when I DID, the users were all local users on the host in question, and password changing was a matter of logging in and running passwd...)


--
Bill Cole                                  bill@scconsult.com

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster