[Macpartners] Mac OS X 10.4 "Tiger" Update
Alexandra Ellwood
lxs at MIT.EDU
Thu Jun 23 16:23:34 EDT 2005
On Jun 23, 2005, at 3:38 PM, Albert Willis wrote:
>
> On Jun 23, 2005, at 1:32 PM, Carolyn Fuller wrote:
>
>> Alexandra,
>>
>> I have SSL checked but Al suggested a few weeks ago that I switch
>> to Kerberos Version 4.
>
> Yes, I suggested using Kerberos for authentication in the context
> of using Mail on Mac OS X 10.3.9, since using SSL with Mail on
> 10.3.9 is broken and Kerberos authentication works.
>
The SSL performance problems in 10.3.9 are with incoming mail (IMAP)
configurations, right? As far as I know, MIT's production IMAP
servers don't support Kerberos 5 (GSSAPI) -- although the test server
PO15 does. What I'm referring to are the "Outgoing Mail Server"
preferences (SMTP). Outgoing.mit.edu (MIT's SMTP server) does
support Kerberos 5 authentication on port 587.
In my experience, in the Tiger Mail.app "Outgoing Mail Server"
preferences if you have "Authentication" set to "Kerberos 5 (GSSAPI)"
and "Use Secure Sockets Layer (SSL)" *unchecked*, then random memory
will be appended to outgoing mail messages longer than 8192 bytes.
Checking the SSL checkbox changes what type of encryption is used
(SSL instead of GSSAPI) and causes the bug to stop happening.
--lxs
Alexandra Ellwood <lxs at mit.edu>
MIT Kerberos Development Team
<http://mit.edu/lxs/www>
More information about the Macpartners
mailing list