diff -urpNX /usr/share/dontdiff dovecot-1.0-test25.vanilla/src/auth/mech-apop.c dovecot-1.0-test25/src/auth/mech-apop.c
--- dovecot-1.0-test25.vanilla/src/auth/mech-apop.c	2004-07-03 14:43:12.000000000 +0400
+++ dovecot-1.0-test25/src/auth/mech-apop.c	2004-07-05 21:42:29.000000000 +0400
@@ -40,14 +40,20 @@ apop_credentials_callback(const char *cr
 		(struct apop_auth_request *)auth_request;
 	unsigned char digest[16];
 	struct md5_context ctx;
+	int ret = FALSE;
 
-	md5_init(&ctx);
-	md5_update(&ctx, auth->challenge, strlen(auth->challenge));
-	md5_update(&ctx, credentials, strlen(credentials));
-	md5_final(&ctx, digest);
+	if (credentials) {
+		md5_init(&ctx);
+		md5_update(&ctx, auth->challenge, strlen(auth->challenge));
+		md5_update(&ctx, credentials, strlen(credentials));
+		md5_final(&ctx, digest);
 
-	mech_auth_finish(auth_request, NULL, 0,
-			 memcmp(digest, auth->digest, 16) == 0);
+		safe_memset((void *) credentials, 0, strlen(credentials));
+
+		ret = (memcmp(digest, auth->digest, 16) == 0);
+	}
+
+	mech_auth_finish(auth_request, NULL, 0, ret);
 }
 
 static int
diff -urpNX /usr/share/dontdiff dovecot-1.0-test25.vanilla/src/pop3-login/client.c dovecot-1.0-test25/src/pop3-login/client.c
--- dovecot-1.0-test25.vanilla/src/pop3-login/client.c	2004-07-03 13:34:56.000000000 +0400
+++ dovecot-1.0-test25/src/pop3-login/client.c	2004-07-05 20:49:33.000000000 +0400
@@ -225,14 +225,14 @@ static void client_destroy_oldest(void)
 	}
 }
 
-static char *get_apop_challenge(void)
+static char *get_apop_challenge(struct pop3_client *client)
 {
-	struct auth_connect_id id;
+	struct auth_connect_id *id = &client->auth_id;
 
-	if (!auth_client_reserve_connection(auth_client, "APOP", &id))
+	if (!auth_client_reserve_connection(auth_client, "APOP", id))
 		return NULL;
 
-	return i_strdup_printf("<%x.%x.%s@%s>", id.server_pid, id.connect_uid,
+	return i_strdup_printf("<%x.%x.%s@%s>", id->server_pid, id->connect_uid,
 			       dec2str(ioloop_time), my_hostname);
 }
 
@@ -241,7 +241,7 @@ static void client_auth_ready(struct pop
 	client->common.io =
 		io_add(client->common.fd, IO_READ, client_input, client);
 
-	client->apop_challenge = get_apop_challenge();
+	client->apop_challenge = get_apop_challenge(client);
 	client_send_line(client, t_strconcat("+OK " PACKAGE " ready.",
 					     client->apop_challenge, NULL));
 }