Security issues:

This port does not use "shadow" password authentication, because things
work a bit differently on BSD systems. The 'normal' authentication function
is patched to zero-out the password after authentication. Because OpenBSD's
getpwnam takes great care to cleanup, I'm fairly positive this patch achieves
the same level of security as all the trickery in function do_shadow_auth.


The onetime use of strcmp seems correct. One parameter is 'pw->passwd',
obtained from a call to getpwnam. The other parameter is 'pass', which is
derived from an input-buffer of which apop3d takes care not to overrun.

sprintf is used once. Its parameters are 'MAIL_SPOOL_PATH', which is a
compile-time constant and 'mailbox', which is the username, derived from
the password-file. 

One more time: POP3 is inherently insecure. Passwords are sent in cleartext, 
everytime a user checks his mailbox. apop3d does not have APOP support. 
