Site is set to force users to login. Self registration is disabled. POP3 authentication is enabled besides internal. When a user enters bogus userid, he gets properly an error msg about invalid login. However, when a user (who is not registered in the system) enters a userid and password that authenticate with pop3, Moodle thinks for a while then I get

The page isn't redirecting properly – Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

The URL shows as http://xxxxxxxx/moodle19/user/edit.php?id=3&course=1

Moodle 1.8 allows user to continue to login at this point, which is of false IMHO. I hope that Moodle 1.9 attempts a proper behavior (to refuse login) and encounters a programming glitch.