[24647] in Kerberos
Re: Kerberos support in Thunderbird
daemon@ATHENA.MIT.EDU (Jim Alexander)
Thu Sep 15 13:28:13 2005
From: jalex@cis.upenn.edu (Jim Alexander)
Date: Thu, 15 Sep 2005 03:04:13 +0000 (UTC)
Message-ID: <dgaobd$1j93$1@netnews.upenn.edu>
To: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
In article <tslr7br8cw2.fsf@cz.mit.edu>, Sam Hartman <hartmans@mit.edu> wrote:
]
]sorry, but I'm fairly sure the GSSAPI SASL mechanism falls within the
]definition of IMAP secure authentication.
Yes, I wasn't at all clear what I meant there. I was not referring to the
general definition of "secure authentication," which GSSAPI certainly
falls into. I meant the "secure authentication" preference that appears
in other popular mailers - this usually means something like NTLM or
CRAM-MD5. I think it's current usage in Thunderbird is confusing.
In any case, as I said in other posts, I think that the user needs to
be given a way to explicitly specify the desired authentication mechanism,
and needs to be told when their auth of choice has failed, not just
autonegotiate down an auth chain in an undocumented order.
] Jim> (b) If my ticket cache is empty, Thunderbird correctly posts
] Jim> a "your server does not support secure authentication"
] Jim> dialog. My key manager never prompts me to obtain a ticket.
]
]On Mac and Windows this is not at all what I'd expect. I'd expect you
]to be prompted to get tickets.
Exactly, but instead Thunderbird just gives up and falls back to something
else, and it's totally unclear to the user what went wrong.
--
________ Jim Alexander __________________ jalex@cis.upenn.edu ________________
I have yet to see a problem, however complicated, which, when you looked at it
in the right way, did not become still more complicated. -- Poul Anderson
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos