Kerberos support in Thunderbird
Sam Hartman
hartmans at MIT.EDU
Wed Sep 14 19:07:02 EDT 2005
>>>>> "Jeffrey" == Jeffrey Hutzelman <jhutz at cmu.edu> writes:
Jeffrey> On Monday, September 12, 2005 15:13:27 +0000 Jeffrey
Jeffrey> Altman
Jeffrey> <jaltman2 at nyc.rr.com> wrote:
>> This can end up causing some problems for end users. It is
>> entirely possible for the GSSAPI authentication to succeed and
>> yet the user will be unable to access the mailbox they are
>> attempting to reach because the principal used is not the one
>> which has authorization for accessing the mailbox.
Jeffrey> And yet, it is what nearly every Kerberized application
Jeffrey> in existance does, and it seems to work reasonably well.
Jeffrey> I realize that you would like to see a better UI for
Jeffrey> client credential selection, but today, this is the best
Jeffrey> current practice.
I actually have to agree with Jeff Hutzelman here. I think you
definitely want the default behavior to be what Thunderbird is doing
now: use the default principal and do gss if the server offers it.
--Sam
More information about the Kerberos
mailing list