[24384] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Kerberos ticket access to MS Exchange

daemon@ATHENA.MIT.EDU (Ken Hornstein)
Mon Aug 1 14:34:53 2005

Message-Id: <200508011833.j71IXxtt000963@ginger.cmf.nrl.navy.mil>
To: kerberos@mit.edu
In-Reply-To: <6.1.2.0.0.20050731153349.01c0dec0@unccmail.uncc.edu> 
Date: Mon, 01 Aug 2005 14:34:00 -0400
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Errors-To: kerberos-bounces@mit.edu

>something that will eventually not work anyway.  The funny thing is, if you 
>are going to store passwords on your Microsoft AD server acting as a KDC, 
>then what is the point of having a KDC in the first place...in terms of 
>Microsoft authentication?  This is why I say that Microsoft uses Kerberos 
>just to appease the 'nix natives.  It certainly has little use in their own 
>products.

To be fair to Microsoft ... they do seem to use Kerberos in a number of
places.  E.g., their instant messaging protocol is Kerberized (I verified
that with a network sniffer).  From my conversations with Microsoft people,
the reason Exchange doesn't do GSSAPI-authenticate IMAP really seems to
be more tied up in lack of interest in the Exchange group (for what
reason, I dunno).

--Ken
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post