I am using Dovecot to provide IMAP and IMAP+SSL service for my users, but am still using QPopper for POP3 service, wrapped with stunnel for POP3+SSL.
I am hesitant to get rid of QPopper because it supports APOP, which encrypts authentication data (both where it is stored, and when it is transmitted), and because APOP passwords can be managed by the users themselves, via the popauth tool that they can run from their shell accounts.
I'd like very much to use Dovecot for POP3, but would need to have it be comparable to APOP, where authentication does not involve having user passwords going across the wire in the clear, and especially I need for users to be able to maintain their passwords themselves, preferably with their status as a current user of the system being established without my intervention; I don't want to have to manually keep things in sync with /etc/passwd. Furthermore, it needs to have no conflicts with popular email clients including Mozilla, Outlook, Outlook Express, and Eudora, so unusual authentication mechanisms are not really an option.
I've RTFM at http://www.dovecot.org/doc/auth.txt but I don't know how to establish a separate passwd file that would satisfy the requirement that users be able to maintain their passwords themselves. And PAM is a complete mystery to me.
So what do you all do? Is there a tutorial somewhere that would help?
Thanks,
M.