Kerberos ticket access to MS Exchange
Michael D. Norwick
mnorwick at centurytel.net
Sat Jul 30 23:05:40 EDT 2005
Rodney M Dyer wrote:
> At 12:41 PM 7/29/2005, Nebergall, Christopher wrote:
>
>> Are there ANY mail client programs besides MS Outlook on any OS which
>> support Kerberos ticket authentication to Microsoft Exchange?
>
>
> No.
>
>> Does MS even use the standard GSSAPI SASL for IMAP?
>
>
> No. Exchange IMAP isn't Kerberized.
>
> We rock and rolled with Microsoft on this very issue. In fact,
> Exchange is almost useless for use with Kerberos (especially cross
> realm trusts). That is unless you have Exchange installed on the very
> same AD domain as the one you are trying to use Kerberized access to.
>
> (IMHO) I don't think Microsoft really cares about Kerberos. In
> almost all cases if you stop storing real passwords on the AD domain
> you will always have your conceived ideas of Kerberized grandeur fall
> apart on you. "Want to try it this way? Nope can't do that!" "Want
> to try it the other way? Nope, can't do that either!"
>
> The best you can ever hope for is password synchronization schemes
> under ID management
Or, you could ditch Microsoft.
Michael