diff --git a/appl/popper/pop_dropcopy.c b/appl/popper/pop_dropcopy.c index d848962b7..8464bf6be 100644 --- a/appl/popper/pop_dropcopy.c +++ b/appl/popper/pop_dropcopy.c @@ -68,8 +68,10 @@ struct passwd * pwp; } /* Now give this file to the user */ - (void) chown(template,pwp->pw_uid, pwp->pw_gid); - (void) chmod(template,0600); + if (pwp) { + (void) chown(template,pwp->pw_uid, pwp->pw_gid); + (void) chmod(template,0600); + } /* Now link this file to the temporary maildrop. If this fails it * is probably because the temporary maildrop already exists. If so, @@ -81,9 +83,10 @@ struct passwd * pwp; (void) unlink(template); /* Now we run as the user. */ - (void) setuid(pwp->pw_uid); - (void) setgid(pwp->pw_gid); - + if (pwp) { + (void) setuid(pwp->pw_uid); + (void) setgid(pwp->pw_gid); + } #ifdef DEBUG if(p->debug)pop_log(p,POP_DEBUG,"uid = %d, gid = %d",getuid(),getgid()); #endif DEBUG diff --git a/appl/popper/pop_init.c b/appl/popper/pop_init.c index fa14be06c..ed4b3229e 100644 --- a/appl/popper/pop_init.c +++ b/appl/popper/pop_init.c @@ -18,6 +18,12 @@ static char SccsId[] = "@(#)@(#)pop_init.c 2.1 2.1 3/18/91"; #include #include "popper.h" +#ifdef KERBEROS +#include + +AUTH_DAT kdata; +#endif /* KERBEROS */ + extern int errno; /* 
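Review bot: `chmod(template,0600)` in the first pop_dropcopy.c hunk does not use pwp, yet the new guard makes it conditional on pwp being non-null. On the path where no passwd entry is passed, the temporary maildrop therefore keeps whatever mode it was created with. The creation call is outside the hunk, so whether that mode is already restrictive cannot be confirmed from here. I would guard only the chown, `if (pwp) (void) chown(template,pwp->pw_uid, pwp->pw_gid);`, and leave `(void) chmod(template,0600);` unconditional. Both results are still discarded, and the function's body starts and ends outside the hunk.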
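Review bot: With a null pwp the second pop_dropcopy.c hunk skips setuid/setgid altogether, so the process goes on handling the maildrop under the identity the server was started with. The Kerberos branch added in pop_pass.c calls `pop_dropcopy(p, 0)`, so every Kerberos session takes this path. If the server starts with elevated privileges (not visible here), that branch should look up the local account for p->user and pass its passwd entry instead of 0. Where pwp is set, the order is still setuid before setgid with both results discarded: once the uid has changed, setgid normally fails and the original group is kept, so call `setgid(pwp->pw_gid)` first, then `setuid(pwp->pw_uid)`, and fail the session if either returns non-zero. The enclosing function continues outside the hunk.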
@@ -184,5 +190,42 @@ char ** argmessage; pop_log(p,POP_PRIORITY,"Debugging turned on"); #endif DEBUG + return(authenticate(p, &cs)); +} + +authenticate(p, addr) + POP *p; + struct sockaddr_in *addr; +{ + +#ifdef KERBEROS + Key_schedule schedule; + KTEXT_ST ticket; + char instance[INST_SZ]; + char version[9]; + int auth; + + strcpy(instance, "*"); + auth = krb_recvauth(0L, 0, &ticket, "pop", instance, + addr, (struct sockaddr_in *) NULL, + &kdata, "", schedule, version); + + if (auth != KSUCCESS) { + pop_msg(p, POP_FAILURE, "Kerberos authentication failure: %s", + krb_err_txt[auth]); + pop_log(p, POP_FAILURE, "%s: (%s.%s@%s) %s", p->client, + kdata.pname, kdata.pinst, kdata.prealm, krb_err_txt[auth]); + exit(-1); + } + +#ifdef DEBUG + pop_log(p, POP_DEBUG, "%s.%s@%s (%s): ok", kdata.pname, + kdata.pinst, kdata.prealm, inet_ntoa(addr->sin_addr)); +#endif /* DEBUG */ + + strcpy(p->user, kdata.pname); + +#endif /* KERBEROS */ + return(POP_SUCCESS); } diff --git a/appl/popper/pop_pass.c b/appl/popper/pop_pass.c index de9e52296..eb1f1346b 100644 --- a/appl/popper/pop_pass.c +++ b/appl/popper/pop_pass.c @@ -15,6 +15,11 @@ static char SccsId[] = "@(#)@(#)pop_pass.c 2.3 2.3 4/2/91"; #include #include "popper.h" +#ifdef KERBEROS +#include +extern AUTH_DAT kdata; +#endif /* KERBEROS */ + /* * pass: Obtain the user password from a POP client */ 
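Review bot: `strcpy(p->user, kdata.pname)` at the end of authenticate() copies the principal name with no length check, and does so before the realm and instance are examined; those checks only happen later, in pop_pass. The size of p->user is declared in popper.h and is not visible here, so if it is smaller than the pname field a long principal name overruns it. I would bound the copy, e.g. `strncpy(p->user, kdata.pname, sizeof(p->user) - 1); p->user[sizeof(p->user) - 1] = '\0';` (assuming p->user is an array), and consider moving the realm and instance rejection into authenticate() so p->user is never set from a principal that will be refused. authenticate() also has no declared return type and is called in pop_init before its definition; a `static int authenticate();` declaration above pop_init would make the contract explicit.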
@@ -22,8 +27,44 @@ static char SccsId[] = "@(#)@(#)pop_pass.c 2.3 2.3 4/2/91"; int pop_pass (p) POP * p; { +#ifdef KERBEROS + char lrealm[REALM_SZ]; + int status; +#else register struct passwd * pw; char *crypt(); +#endif /* KERBEROS */ + +#ifdef KERBEROS + if ((status = krb_get_lrealm(lrealm,1)) == KFAILURE) { + pop_log(p, POP_FAILURE, "%s: (%s.%s@%s) %s", p->client, kdata.pname, + kdata.pinst, kdata.prealm, krb_err_txt[status]); + return(pop_msg(p,POP_FAILURE, + "Kerberos error: \"%s\".", krb_err_txt[status])); + } + + if (strcmp(kdata.prealm,lrealm)) { + pop_log(p, POP_FAILURE, "%s: (%s.%s@%s) realm not accepted.", + p->client, kdata.pname, kdata.pinst, kdata.prealm); + return(pop_msg(p,POP_FAILURE, + "Kerberos realm \"%s\" not accepted.", kdata.prealm)); + } + + if (strcmp(kdata.pinst,"")) { + pop_log(p, POP_FAILURE, "%s: (%s.%s@%s) instance not accepted.", + p->client, kdata.pname, kdata.pinst, kdata.prealm); + return(pop_msg(p,POP_FAILURE, + "Must use null Kerberos(tm) instance - \"%s.%s\" not accepted.", + kdata.pname, kdata.pinst)); + } + + /* Build the name of the user's maildrop */ + (void)sprintf(p->drop_name,"%s/%s",POP_MAILDIR,p->user); + + /* Make a temporary copy of the user's maildrop */ + if (pop_dropcopy(p, 0) != POP_SUCCESS) return (POP_FAILURE); + +#else /* !KERBEROS */ /* Look for the user in the password file */ if ((pw = getpwnam(p->user)) == NULL) @@ -47,6 +88,8 @@ POP * p; /* and set the group and user id */ if (pop_dropcopy(p,pw) != POP_SUCCESS) return (POP_FAILURE); +#endif /* !KERBEROS */ + /* Get information about the maildrop */ if (pop_dropinfo(p) != POP_SUCCESS) return(POP_FAILURE); diff --git a/appl/popper/pop_user.c b/appl/popper/pop_user.c index 7fca0b656..00cf910cc 100644 --- a/appl/popper/pop_user.c +++ b/appl/popper/pop_user.c 
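Review bot: The Kerberos branch of pop_pass builds p->drop_name with an unbounded `sprintf` from p->user, which here is the principal name copied in authenticate() and is never checked against the password file or for path separators. Nothing in the hunk keeps a name containing `/` from resolving outside POP_MAILDIR, or a long name from overrunning drop_name (its size is not visible here). Before the sprintf I would reject such names, for example `if (strchr(p->user, '/') != NULL || strlen(POP_MAILDIR) + strlen(p->user) + 2 > sizeof(p->drop_name)) return(pop_msg(p,POP_FAILURE,"Invalid user name."));`, assuming drop_name is an array. Separately, `pop_dropcopy(p, 0)` passes a bare 0 where a `struct passwd *` is expected in unprototyped code; `(struct passwd *) NULL` would match the cast already used for the krb_recvauth call in pop_init.c. pop_pass's body continues outside the hunk.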
@@ -21,8 +21,10 @@ static char SccsId[] = "@(#)@(#)pop_user.c 2.1 2.1 3/18/91"; int pop_user (p) POP * p; { +#ifndef KERBEROS /* Save the user name */ (void)strcpy(p->user, p->pop_parm[1]); +#endif /* KERBEROS */ /* Tell the user that the password is required */ return (pop_msg(p,POP_SUCCESS,"Password required for %s.",p->user));
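Review bot: Under KERBEROS the name the client sends with USER (`p->pop_parm[1]`) is now ignored without comment, and the reply names p->user, the principal set in authenticate(). A client that asks for a different mailbox gets a success response and is then served the principal's own maildrop. Rejecting a mismatch would be clearer, e.g. an `#else` branch with `if (strcmp(p->pop_parm[1], p->user)) return (pop_msg(p,POP_FAILURE,"Mailbox does not match Kerberos principal."));`. The closing comment should read `#endif /* !KERBEROS */` to match the `#ifndef`, as pop_pass.c does.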