[24646] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Kerberos support in Thunderbird

daemon@ATHENA.MIT.EDU (Andreas Hasenack)
Thu Sep 15 12:33:46 2005

Date: Thu, 15 Sep 2005 13:32:39 -0300
From: Andreas Hasenack <ahasenack@terra.com.br>
To: kerberos@mit.edu
Message-ID: <20050915163237.GA16366@conectiva.com.br>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <dg50au$elr8$1@netnews.upenn.edu>
Errors-To: kerberos-bounces@mit.edu

On Mon, Sep 12, 2005 at 10:43:42PM +0000, Jim Alexander wrote:
> I meant to also add that I think it is generally considered bad form to
> silently fall back to a weaker security mechanism when a stronger on
> fails. I want to be able to configure my mail client to use GSSAPI,
> and if it fails, I want to be told that it failed, not fall back
> and perhaps successfully authenticate using CRAM-MD5, leaving me without
> a clue that my chosen auth method is not working.

I agree with that. I also think something more specific than "secure
password authentication" is needed.

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post