diff -u branches/BRANCH_6-3/pop3.c branches/BRANCH_6-3/pop3.c
--- branches/BRANCH_6-3/pop3.c 2007-02-02 23:34:11 UTC (rev 5020)
+++ branches/BRANCH_6-3/pop3.c 2007-02-02 23:47:15 UTC (rev 5021)
@@ -610,6 +610,20 @@
 }
 #endif /* OPIE_ENABLE */
 
+ /* KPOP uses out-of-band authentication and does not check what
+ * we send here, so send some random fixed string, to avoid
+ * users switching *to* KPOP accidentally revealing their
+ * password */
+ if ((ctl->server.authenticate == A_ANY
+ || ctl->server.authenticate == A_KERBEROS_V4
+ || ctl->server.authenticate == A_KERBEROS_V5)
+ && (ctl->server.service != NULL
+ && strcmp(ctl->server.service, KPOP_PORT) == 0))
+ {
+ ok = gen_transact(sock, "PASS krb_ticket");
+ break;
+ }
+
 /* check if we are actually allowed to send the password */
 if (ctl->server.authenticate == A_ANY
 || ctl->server.authenticate == A_PASSWORD) {
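Review bot: The KPOP test in the added `if` is a literal `strcmp(ctl->server.service, KPOP_PORT)`, so with `authenticate == A_ANY` a configuration that names the same port in any other form would skip this branch and fall through to the password branch below, sending the real password. `KPOP_PORT` is defined outside this hunk, so which spellings it covers cannot be confirmed here; if the service can be given both by name and by number, the comparison should be made on a normalised value, or the limit documented with `/* matches the literal service string only; other spellings of the KPOP port still reach the password branch */`. The comment's "random fixed string" is better worded as "fixed placeholder string", since `krb_ticket` is a constant. The `break` leaves an enclosing construct that begins outside the hunk.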