[24360] in Kerberos
Re: Kerberos ticket access to MS Exchange
daemon@ATHENA.MIT.EDU (Michael D. Norwick)
Sat Jul 30 23:06:38 2005
Message-ID: <42EC4004.6070009@centurytel.net>
Date: Sat, 30 Jul 2005 22:05:40 -0500
From: "Michael D. Norwick" <mnorwick@centurytel.net>
To: kerberos@mit.edu
In-Reply-To: <6.1.2.0.0.20050730205629.01c35ec0@unccmail.uncc.edu>
Rodney M Dyer wrote:
> At 12:41 PM 7/29/2005, Nebergall, Christopher wrote:
>
>> Are there ANY mail client programs besides MS Outlook on any OS which
>> support Kerberos ticket authentication to Microsoft Exchange?
>
>
> No.
>
>> Does MS even use the standard GSSAPI SASL for IMAP?
>
>
> No. Exchange IMAP isn't Kerberized.
>
> We rock and rolled with Microsoft on this very issue. In fact,
> Exchange is almost useless for use with Kerberos (especially cross
> realm trusts). That is unless you have Exchange installed on the very
> same AD domain as the one you are trying to use Kerberized access to.
>
> (IMHO) I don't think Microsoft really cares about Kerberos. In
> almost all cases if you stop storing real passwords on the AD domain
> you will always have your conceived ideas of Kerberized grandeur fall
> apart on you. "Want to try it this way? Nope can't do that!" "Want
> to try it the other way? Nope, can't do that either!"
>
> The best you can ever hope for is password synchronization schemes
> under ID management

Or, you could ditch Microsoft.

Michael