[Dovecot] Can't get apop to work.

mouss mouss at netoyen.net
Thu Feb 7 22:54:22 EET 2008 

Bill Cole wrote:
> At 5:20 AM -0800 2/7/08, Greg Lorriman wrote:
>>>  I tried fiddling with PAM by adding an /etc/pam.d/apop file with 
>>> these contents :
>>
>> It's impossible to support anything but plaintext authentication with
>> PAM. See http://wiki.dovecot.org/Authentication/Mechanisms and
>> http://wiki.dovecot.org/Authentication/PasswordSchemes
>>
>>   I'm not overly worried about PAM; I just want to get APOP working.
>> But the wiki doesn't give me even the faintest idea, keeping in mind
>> that I am relatively new to linux. The same applies to all the other
>> authentication schemes. It only tells me how to change the conf
>> file, which doesn't appear to be enough.
>>
>>   Obviously I am missing something here. But I don't know what.
>
> The way APOP works requires the POP3 server to have the user's 
> unencrypted password. There is no way around that. This means that if 
> you want to support APOP with Dovecot, you need to use a passdb 
> configuration that offers access to the password in plaintext. In 
> particular that requires using a passdb driver other than 'pam' 
> because PAM by design does not provide client programs like Dovecot 
> with access to plaintext passwords, and it would be an unusual system 
> where PAM itself has access to passwords in any form that can readily 
> be translated into plaintext.  The referenced wiki pages and the pages 
> they link to explain this in detail, but they do require you to read 
> carefully, absorb the meaning, and synthesize your own solution. There 
> is no cookbook for getting APOP to work. It always requires a password 
> database of some sort that is independent from the operating system's 
> standard mechanism, i.e. PAM or /etc/{passwd,shadow}, because non-toy 
> OS-level authentication systems never store passwords in any directly 
> recoverable form but only in testable forms, i.e. one-way hashes.
>
> On a general conceptual level, any password storage scheme that 
> protects passwords in storage limits you to using only plaintext 
> authentication mechanisms plus at most one compatible non-plaintext 
> mechanism. For example, CRAM-MD5 password storage only allows you to 
> support CRAM-MD5 authentication or plaintext authentication. The 
> logical design of APOP precludes the use of any minimally secure (i.e. 
> one-way hash) password storage scheme because the authentication check 
> is based on a hash of the plaintext password and username with a 
> one-time-use token.
>
>
> It is probably a better idea to reconsider why you want APOP at all. 
> All APOP provides is protection from someone sniffing out the password 
> on the wire. That was a larger risk when APOP was devised than it 
> really is today due to the fact that switches have largely supplanted 
> hubs and a more complete solution is available with SSL/TLS support. 
> APOP doesn't protect mail itself from being sniffed, and comes at the 
> cost of requiring the server to store plaintext passwords, which in 
> most modern cases is a risk of similar magnitude to the risk of having 
> plaintext passwords on the wire. A far better option if your users are 
> not locked into archaic clients is to only offer access over 
> encrypted  (SSL/TLS) sessions, and allow plaintext (PLAIN and LOGIN) 
> authentication mechanisms. That would allow you to use PAM rather than 
> a free-standing password database with plaintext passwords that you 
> only use for APOP because nothing else that claims to be secure in the 
> modern world would ever use such a database.
>

regarding APOP vulnerabilty:
    http://fse2007.uni.lu/slides/rump/apop.pdf
see also:
    http://www.securityfocus.com/archive/1/464477/30/0/threaded

In particular:
<citation>
    APOP should be considered broken in the man-in-the-middle setting.
    User should be encouraged to switch to another authentication
    mechanism, such as CRAM-MD5 (or use TLS...).
</citation>

More information about the dovecot mailing list