Kerberos ticket access to MS Exchange
Rodney M Dyer
rmdyer at uncc.edu
Sat Jul 30 20:57:55 EDT 2005
At 12:41 PM 7/29/2005, Nebergall, Christopher wrote:
>Are there ANY mail client programs besides MS Outlook on any OS which
>support kerberos ticket authentication to Microsoft exchange?
No.
>Does MS even use the standard gssapi sasl for IMAP?
No. Exchange IMAP isn't Kerberized.
We rock and rolled with Microsoft on this very issue. In fact, Exchange is
almost useless for use with Kerberos (especially cross realm trusts). That
is unless you have Exchange installed on the very same AD domain as the one
you are trying to use kerberized access to.
(IMHO) I don't think Microsoft really cares about Kerberos. In almost all
cases if you stop storing real passwords on the AD domain you will always
have your conceived ideas of Kerberized grandure fall apart on you. "Want
to try it this way? Nope can't do that!" "Want to try it the other
way? Nope, can't do that either!"
The best you can ever hope for is password syncronization schemes under ID
management suites.
Rodney
More information about the Kerberos
mailing list