Unix KDC/Windows2003 crossrealm trust useless for Exchange2003
Peter Huang
peter.huang at hp.com
Tue Jun 15 16:30:48 EDT 2004
I don't think Exchange2003 supports IMAP over Kerberos. I tried it with pine
and AUTH=NTLM is the only choice. Exchange2003 supports MAPI over
Kerberos, therefore OWA works.
-peter huang
"Jeffrey Altman" <jaltman2 at nyc.rr.com> wrote in message
news:40C8BA5E.2080308 at nyc.rr.com...
> I am not aware of anyone who has been able to get this to work.
> I have not spent time analyzing the situation but the fundamental
> cause of the problem appears to be a failure either to obtain PAC
> information in the cross-realm service ticket which Exchange requires;
> or a failure of the user principal name to belong to a realm in
> which Exchange can then look up additional information within the
> Active Directory.
>
> Whichever the cause, it does appear that Exchange was designed
> to be a Microsoft only solution.
>
> Jeffrey Altman
>
>
> Subu Ayyagari wrote:
> > Is there anyone who has managed to use Exchange2003
> > when Windows 2003 domain has a trust with unix Kerberos,
> > so that unix KDC provides authentication to all users?
> >
> > From systems that are not part of the windows domain,
> > POP and IMAP connectivity to Exchange2003 just do not work.
> > OWA works using UPN (user at unixKDCrealm) though.
> >
> > Appears the only way would be to have an out-of-band process
> > to sync up passwords between unix KDC and Windows ADS
> > and throw out the cross-realm trust.
> >
> > Any suggestions/comments?
> >
> > -subu
> > email: s.ayyagari at xpedite.com
> >
> > ________________________________________________
> > Kerberos mailing list Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
>
> --
> -----------------
> This e-mail account is not read on a regular basis.
> Please send private responses to jaltman at mit dot edu