Kerberos ticket access to MS Exchange

Michael D. Norwick mnorwick at centurytel.net
Sat Jul 30 23:05:40 EDT 2005


Rodney M Dyer wrote:

> At 12:41 PM 7/29/2005, Nebergall, Christopher wrote:
>
>> Are there ANY mail client programs besides MS Outlook on any OS which
>> support Kerberos ticket authentication to Microsoft Exchange?
>
>
> No.
>
>> Does MS even use the standard gssapi sasl for IMAP?
>
>
> No.  Exchange IMAP isn't Kerberized.
>
> We rock and rolled with Microsoft on this very issue.  In fact,
> Exchange is almost useless for use with Kerberos (especially cross
> realm trusts).  That is unless you have Exchange installed on the very
> same AD domain as the one you are trying to use kerberized access to.
>
> (IMHO)  I don't think Microsoft really cares about Kerberos.  In
> almost all cases if you stop storing real passwords on the AD domain
> you will always have your conceived ideas of Kerberized grandeur fall
> apart on you.  "Want to try it this way?  Nope can't do that!"  "Want
> to try it the other way?  Nope, can't do that either!"
>
> The best you can ever hope for is password synchronization schemes
> under ID management

Or, you could ditch Microsoft.

Michael


