[24360] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Kerberos ticket access to MS Exchange

daemon@ATHENA.MIT.EDU (Michael D. Norwick)
Sat Jul 30 23:06:38 2005

Message-ID: <42EC4004.6070009@centurytel.net>
Date: Sat, 30 Jul 2005 22:05:40 -0500
From: "Michael D. Norwick" <mnorwick@centurytel.net>
MIME-Version: 1.0
To: kerberos@mit.edu
In-Reply-To: <6.1.2.0.0.20050730205629.01c35ec0@unccmail.uncc.edu>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Rodney M Dyer wrote:

> At 12:41 PM 7/29/2005, Nebergall, Christopher wrote:
>
>> Are there ANY mail client programs besides MS Outlook on any OS which
>> support kerberos ticket  authentication to Microsoft exchange?
>
>
> No.
>
>> Does MS even use the standard gssapi sasl for IMAP?
>
>
> No.  Exchange IMAP isn't Kerberized.
>
> We rock and rolled with Microsoft on this very issue.  In fact,
> Exchange is almost useless for use with Kerberos (especially cross
> realm trusts).  That is unless you have Exchange installed on the very
> same AD domain as the one you are trying to use kerberized access to.
>
> (IMHO)  I don't think Microsoft really cares about Kerberos.  In
> almost all cases if you stop storing real passwords on the AD domain
> you will always have your conceived ideas of Kerberized grandure fall
> apart on you.  "Want to try it this way?  Nope can't do that!"  "Want
> to try it the other way?  Nope, can't do that either!"
>
> The best you can ever hope for is password syncronization schemes
> under ID management

Or, you could ditch Microsoft.

Michael

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post