[30266] in Kerberos
Re: Kerberize MS Exchange?
daemon@ATHENA.MIT.EDU (Michael B Allen)
Thu Sep 4 15:00:57 2008
Message-ID: <78c6bd860809041200m5205aa33p564696ca9baf06a0@mail.gmail.com>
Date: Thu, 4 Sep 2008 15:00:24 -0400
From: "Michael B Allen" <ioplex@gmail.com>
To: "Eric Hill" <eric@ijack.net>
In-Reply-To: <6BBC1BDFD77747F7BB00884FC9C544EE@pioneer.world>
MIME-Version: 1.0
Content-Disposition: inline
Cc: Walter Sobchak <genijalac@yahoo.com>, kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Thu, Sep 4, 2008 at 2:26 PM, Eric Hill <eric@ijack.net> wrote:
>> Kerberize it how?
>>
>> MS Exchange uses a proprietary communications protocol so it's not
>> clear how Kerberos authentication even works in Exchange [1].
>>
>> If you're talking about using IMAP4, last I checked MS Exchange does
>> not support Kerberos w/ IMAP4 at all.
>>
>> Mike
>>
>> [1] There is some new "Exchange Protocols" documentation released as
>> part of the EU settlement that might include such details.
>
> Actually the protocol doesn't really include anything for authentication. The core Exchange security mechanism is a named pipe
> connection to the server, and a thread running ImpersonateNamedPipeClient on the server-side to handle requests on behalf of the
> user.
>
> Microsoft may or may not use Kerberos to authenticate the pipe.
I understand. That's good actually because there is quite a bit of
open code that can do Kerberos over Windows named pipes (including SMB
named pipes).
Incidentally, I have been informed off-list that newer versions of
Exchange's IMAP implementation actually do support Kerberos via
GSSAPI.
Mike
--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
