imap server and GSSAPI ?

Donn Cave donn at u.washington.edu
Thu Apr 18 12:21:01 EDT 2002


Quoth Martin Schulz <schulz at iwrmm.math.uni-karlsruhe.de>:

| I'am currently setting up an imap server. Basic mail delivery works,
| but authentication still needs password passing (via ssl, but
| nevertheless). But I definitely want to make use of the available Krb5
| TGT, to avoid that password passing; as I understood it, GSSAPI is the
| way to go.
|
|
| Are there any comprehensive descriptions about this setup? 
|
| I found a brief description for cyrus-imapd, but I am using the UW imapd.

Do you mean you want to know to implement GSSAPI-Kerberos5 authentication
in your own IMAP client?  I guess you could look at RFC 2060 (IMAP4rev1),
AUTHENTICATE command, for starters.  Use "GSSAPI" for "mechanism name".
You can also see one implementation in the imapd source, c-client/auth_gss.c.
I might be able to provide another examples if you happen to be working
in Python instead of C.

On the other hand, if you want to use existing software, you might want
to specify the platform.  I know pine and recent Windows versions of Eudora
will do that, undoubtedly a few others.

	Donn Cave, donn at u.washington.edu



More information about the Kerberos mailing list