CMU used KRB extensively and I assume that some POP3 client in use on campus supported KPOP.

My guess is that that support for this can be removed from pop3d.c.  I've sent an email to info-cyrus to poll for any deployments that are using it.


On 5/7/24 7:32 PM, ellie timoney wrote:
Hi Дилян,

That's an interesting find.  Looks like the KPOP support was added by this 
commit (in 1994!):
https://github.com/cyrusimap/cyrus-imapd/commit/3d4ec8f97dc8ea841add759070cd3391bdd79615

That commit contains comments like, "MIT's kpop authentication kludge", "MIT's 
kludge of a kpop protocol"...

It's not much to go on, but from those comments I'm inferring that it was added 
to Cyrus for compatibility with whatever MIT were using.  Perhaps MIT had a 
custom client/server, and having this feature in pop3d would allow users of the 
MIT client to also talk to Cyrus/CMU servers.

I'd never heard of it until today, so I don't have any more insight than this.

Cheers,

ellie

On Wed, 8 May 2024, at 4:50 AM, Дилян Палаузов wrote:
Hello,

is somebody using MIT’s Kerberized Post Office Protocol offered by
Cyrus IMAP (cmd="pop3d -k")?  This thing runs on a different port than
POP3.  I cannot find in internet description of the protocol, or MUAs
which support it.


This is the text I found in Internet for KPOP:

According to https://en.wikipedia.org/wiki/Post_Office_Protocol this is
“In computing, local e-mail clients can use the Kerberized Post Office
Protocol (KPOP), an application-layer Internet standard protocol, to
retrieve e-mail from a remote server over a TCP/IP connection. The KPOP
protocol is based on the POP3 protocol – differing in that it adds
Kerberos security and that it runs by default over TCP port number 1109
instead of 110. One mail server software implementation is found in the
Cyrus
IMAP server. ”

https://www.emailondeck.com/b/The-Development-and-Evolution-of-Post-Office-Protocol-POP-in-Email
says for KPOP

The Kerberized Post Office Protocol (KPOP) is a modification of the
Post Office Protocol (POP) that includes Kerberos authentication
capability. Kerberos is a secure authentication mechanism that enables
users to access network resources without disclosing their passwords in
plaintext over the network.

Using KPOP, clients can authenticate to a mail server using Kerberos
credentials instead of transmitting plaintext passwords over the
network. This adds an additional layer of protection for POP
connections, making it harder for an attacker to intercept and obtain
credentials. KPOP is primarily utilized in situations where Kerberos is
already deployed, and it enables single sign-on for email clients.

KPOP is an older protocol that is not as widely supported as current
email protocols, such as IMAP and SMTP, which have built-in security
improvements. Additionally, because KPOP is less prevalent than other
email protocols, it is unlikely to be supported by the majority of
email clients and servers.

Greetings
   Дилян

------------------------------------------
Cyrus: Info
Permalink:
https://cyrus.topicbox.com/groups/info/Tb63d9a1ac6df7bde-M27ce43fbcdb670cc3b9f86c4
Delivery options: https://cyrus.topicbox.com/groups/info/subscription
------------------------------------------
Cyrus: Devel
Permalink: 
https://cyrus.topicbox.com/groups/devel/Tb63d9a1ac6df7bde-Me48a3d883388aa7c8a201329
Delivery options: https://cyrus.topicbox.com/groups/devel/subscription

--
Kenneth Murchison
Senior Software Developer
Fastmail US LLC


------------------------------------------
Cyrus: Devel
Permalink: 
https://cyrus.topicbox.com/groups/devel/Tb63d9a1ac6df7bde-M02b2589ff5d4f26ba1c3a65b
Delivery options: https://cyrus.topicbox.com/groups/devel/subscription

Reply via email to