APOP module
===========

	This  module implements  the APOP  command, which  is  used to
	authenticate users in a quite secure manner.

	It  announces  itself in  the  daemon's  greeting message,  by
	adding a string like this to it:

		<10810.969533190@baldur.bonehunter.org>

	Then, the  client can issue  an APOP command, which  takes two
	arguments: the  user-name and  a message digest.   The message
	digest is the  MD5 hash of the APOP  announcement string and a
	secret phrase known only by the daemon and the client.

	In this implementation, the secret  is stored in a file called
	'.apop_secret' in the actual user's home directory. Everything
	that file  contains is the secret, including  newlines.  So if
	that file contains 'my secret phrase', then the digest will be
	generated from the string:

		<10810.969533190@baldur.bonehunter.org>my secret phrase

	The daemon compares the  generated digest and the one supplied
	by the client, and grants access if they match.

	If they don't,  the daemon might fall back  to a previous APOP
	handler, but only if the administrator enables this.

OPTIONS
=======

	The module uses the following options:

	APOP.SECRET_FILE: The  file in the user's  home directory from
	which the secret phrase will be extracted. Defaults to ~/.apop_secret.

	APOP.FALLBACK: Turning this on  will enable the module to call
	a previous  implementation of the APOP  command (if available)
	when the authentication fails. By default, this is turned off.

	APOP.GET_SECRET.FALLBACK:  Turning  this   on  will  enable  a
	previous implementation (if any)  to take over, if the reading
	of the secret failed.  This is off by default.

	APOP.DOMAINNAME:  Use this  value as  the domain  name  if the
	system does not specify any.

	APOP.FQDN:  Fully Qualified Domain  Name. If  this is  set, it
	will override the value determined using system calls.

PROVIDES
========

	This module provides the  APOP command and the APOP-GET-SECRET
	hook.
