Kerberos ticket access to MS Exchange

peter huang aphuang at gmail.com
Mon Aug 1 10:10:51 EDT 2005


Rodney M Dyer wrote:
 >
> Sure, you can find several Kerberized IMAP servers and clients.  And you
> can use Microsoft's Active Directory for your Kerberos KDC, no
> problem.  You just can't use Outlook, or Microsoft Exchange IMAP with
> anyone elses KDC.  Microsoft has made sure that in setting up a Kerberized
> network environment you should always use "their" server products as your
> KDCs.  Use anything else and you will not be forgiven.  You want to use MIT
> KDC, or Hesiod, forget it.  You will expend to much time and effort on
> something that will eventually not work anyway.  The funny thing is, if you
> are going to store passwords on your Microsoft AD server acting as a KDC,
> then what is the point of having a KDC in the first place...in terms of
> Microsoft authentication?  This is why I say that Microsoft uses Kerberos
> just to appease the 'nix natives.  It certainly has little use in their own
> products.
>
> Rodney
>
I agree it was quite disappointing when exchange2003 came with some
kerberos support but not extended to IMAP.   I think the problem is
outlook/exchange design itself, they just have way too many MAPI hooks
together so it is difficult to extend that to IMAP.  I used outlook web
access with kerberos with some small degree of success (using mozilla
and exchange new mail notification). the main issue for me are some of
the nice features in OWA are off on mozilla (e.g. search folders). BTW,
MAPI is using kerberos just not IMAP support ;-(
 
-peter



More information about the Kerberos mailing list