Password expiration

[Ken Hornstein]

>I know, but I just don't know how my userbase will react to the need to 
>have Kerberized clients around. Again, if I could get a set of clients
>put up on my ftp site that 
>
>	- use tickets
>	- will prompt users for a password when there's no ticket/an
>	  expired ticket, and obtain a new one
>	- put the ticket in the appropriate place so all the other
>	  clients will use them
>	- install easily on multple platforms
>
>I may be able to swing it.

I've done that already (pushed out Kerberos clients to the users), and it
wasn't _that_ bad.  From what you list above, we already have 1) and 3),
2) ends up being hard to impossible depending on the platform, 4) is
"okay".  I personally can live without an automatic prompting for new
tickets (it would be nice), since the error you get when your ticket 
_is_ expired is usually very clear.

>And realistically, what are my Kerberized options for even reading IMAP mail?
>How about Kerberized SMTP for SMTP auth? Does Outlook even support tickets yet? 

Actually, the options here are pretty good.  Eudora and Mulberry both support
Kerberized POP/IMAP/SMTP (on Windows and Mac).  Outlook, unfortunately, is
the big holdout.

--Ken