Hi Дилян, That's an interesting find. Looks like the KPOP support was added by this commit (in 1994!): https://github.com/cyrusimap/cyrus-imapd/commit/3d4ec8f97dc8ea841add759070cd3391bdd79615 That commit contains comments like, "MIT's kpop authentication kludge", "MIT's kludge of a kpop protocol"... It's not much to go on, but from those comments I'm inferring that it was added to Cyrus for compatibility with whatever MIT were using. Perhaps MIT had a custom client/server, and having this feature in pop3d would allow users of the MIT client to also talk to Cyrus/CMU servers. I'd never heard of it until today, so I don't have any more insight than this. Cheers, ellie On Wed, 8 May 2024, at 4:50 AM, Дилян Палаузов wrote: > Hello, > > is somebody using MIT’s Kerberized Post Office Protocol offered by > Cyrus IMAP (cmd="pop3d -k")? This thing runs on a different port than > POP3. I cannot find in internet description of the protocol, or MUAs > which support it. > > This is the text I found in Internet for KPOP: > > According to https://en.wikipedia.org/wiki/Post_Office_Protocol this is > “In computing, local e-mail clients can use the Kerberized Post Office > Protocol (KPOP), an application-layer Internet standard protocol, to > retrieve e-mail from a remote server over a TCP/IP connection. The KPOP > protocol is based on the POP3 protocol – differing in that it adds > Kerberos security and that it runs by default over TCP port number 1109 > instead of 110. One mail server software implementation is found in the > Cyrus > IMAP server. ” > > https://www.emailondeck.com/b/The-Development-and-Evolution-of-Post-Office-Protocol-POP-in-Email > says for KPOP > > The Kerberized Post Office Protocol (KPOP) is a modification of the > Post Office Protocol (POP) that includes Kerberos authentication > capability. Kerberos is a secure authentication mechanism that enables > users to access network resources without disclosing their passwords in > plaintext over the network. > > Using KPOP, clients can authenticate to a mail server using Kerberos > credentials instead of transmitting plaintext passwords over the > network. This adds an additional layer of protection for POP > connections, making it harder for an attacker to intercept and obtain > credentials. KPOP is primarily utilized in situations where Kerberos is > already deployed, and it enables single sign-on for email clients. > > KPOP is an older protocol that is not as widely supported as current > email protocols, such as IMAP and SMTP, which have built-in security > improvements. Additionally, because KPOP is less prevalent than other > email protocols, it is unlikely to be supported by the majority of > email clients and servers. > > Greetings > Дилян ------------------------------------------ Cyrus: Info Permalink: https://cyrus.topicbox.com/groups/info/Tb63d9a1ac6df7bde-M292a4531a22c79e590a9143b Delivery options: https://cyrus.topicbox.com/groups/info/subscription
