Canon DU7-1178-000 Service manual - page 57
2.1.3 Authentication at RX
0010-7594
With conventional POP3, the username and the password travel in plaintext during reception, and the POP3 client logs in to the POP server at short intervals. The password is therefore easily stolen with POP3.
Using APOP or POP AUTH allows the password to be encrypted for authentication. APOP is defined by RFC1939 and is used with UNIX POP servers; POP AUTH is defined by RFC2449 and is used with the MS Exchange server. In addition, if the POP server supports SSL (TLS) encryption through the STLS command, not only the password but also the entire reception packet can be encrypted.
"POP AUTH Method" is found under Additional Function > Network Settings > E-mail/I FAX > Authent./Encryption, and can be set to Standard / APOP / POP AUTH.
When APOP or POP AUTH is selected, that method is used; when Standard is specified, authentication uses the username and the password.
Default: Standard.
APOP
The APOP authentication procedure is as follows.
(1) As the greeting message on connection, the POP server returns to the client a character string consisting of a time stamp and the host name. The client concatenates this string with the password string and creates an MD5 message digest of the concatenated string.
(2) With the APOP command, the client sends the user name and the created message digest to the server.
(3) The POP server creates a message digest with the same algorithm and compares it with the digest from the client. If the two digests are the same, the password is considered correct.
Because the greeting message sent on connection includes the time stamp, the message digest changes every time, which makes analysis difficult.
Unlike POP AUTH, described later, there is no protocol by which the client can check whether the server supports APOP, so the user has to decide whether to use APOP and set it in User mode.
If APOP is selected and the server does not support it, an error occurs. When an error occurs in APOP authentication, "APOP Authentication Error" is displayed on the status line for a certain time.
The following is an example of the communication.
S: +OK POP3 server ready
C: APOP mrose c4c9334bac560ecc979e58001b3e22fb
S: +OK maildrop has 1 message (369 octets)
C: :
On connection to the server, the password string "tanstaaf" of the user mrose is appended after the "" message. The character string of "tanstaaf" is hashed by MD5 and becomes "c4c9334bac560ecc979e58001b3e22fb".
For the actual setting, select System Settings > Network Settings > E-mail/I-Fax > Authent./Encryption > POP AUTH Method > APOP.
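The three APOP steps above, carried through on the exchange shown, as an added Python example that is not from the Canon manual or the device firmware. The greeting time stamp is the one from the RFC 1939 example that this exchange matches (the page's copy of the greeting lacks it); the function names and the `SECRETS` store are constructed for illustration.

```python
import hashlib
import hmac
import re

# The time stamp is the angle-bracketed string inside the "+OK" greeting.
_TIMESTAMP = re.compile(rb"<[^<>]+>")


class ApopUnsupported(Exception):
    """Greeting carries no time stamp, so no APOP digest can be built."""


def greeting_timestamp(greeting: bytes) -> bytes:
    """Return the '<...>' time stamp from the server greeting line."""
    match = _TIMESTAMP.search(greeting)
    if not greeting.startswith(b"+OK") or match is None:
        raise ApopUnsupported("greeting has no APOP time stamp")
    return match.group(0)


def apop_digest(timestamp: bytes, password: bytes) -> str:
    """Step (1): MD5 over time stamp followed by password, lowercase hex."""
    return hashlib.md5(timestamp + password).hexdigest()


def client_command(greeting: bytes, user: str, password: bytes) -> str:
    """Step (2): the APOP line the client sends to the server."""
    return f"APOP {user} {apop_digest(greeting_timestamp(greeting), password)}"


def server_verify(timestamp: bytes, command: str, secrets: dict) -> bool:
    """Step (3): recompute the digest from the stored password and compare."""
    parts = command.split(" ")
    if len(parts) != 3 or parts[0] != "APOP" or parts[1] not in secrets:
        return False
    expected = apop_digest(timestamp, secrets[parts[1]]).encode()
    # Constant-time compare: do not leak how many digest characters matched.
    return hmac.compare_digest(expected, parts[2].lower().encode())


# Greeting from the RFC 1939 example; user and password as quoted on this page.
GREETING = b"+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
# APOP needs the password itself on the server, not a hash of it (constructed).
SECRETS = {"mrose": b"tanstaaf"}

if __name__ == "__main__":
    line = client_command(GREETING, "mrose", SECRETS["mrose"])
    print(line, server_verify(greeting_timestamp(GREETING), line, SECRETS))
```

A digest captured from one session fails `server_verify` against any other greeting, which is the property the time stamp provides; a greeting without a time stamp raises `ApopUnsupported`, the case the device reports as "APOP Authentication Error".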
POP AUTH
POP AUTH uses the authentication mechanism of SASL (Simple Authentication and Security Layer) provided in RFC2222, and authenticates the user by returning the user name and password information in response to the challenge and accompanying data sent by the server. This is standardized as RFC1734 "POP3 AUTHentication command". With the CAPA command, added by RFC2449 "POP3 Extension Mechanism", the client can learn the capabilities of the server; the SASL authentication algorithms that the server supports are included in one capability and returned under the SASL tag.