Kerberos ticket access to MS Exchange
Rodney M Dyer
rmdyer at uncc.edu
Sun Jul 31 16:10:04 EDT 2005
At 02:31 PM 7/31/2005, Nikola Milutinovic wrote:
>How about IMAP kerberized client in general? I'm using Cyrus IMAP 2.2.10
>on Tru64 UNIX and it lives in a MS ADS envirnoment. Will both MS Outlook
>Express and MS Outlook 2003/XP work as GSSAPI clients? I thought I heard
>that Mulberry from Cyrusoft was also Kerberized. Of course, it is not free.
Sure, you can find several Kerberized IMAP servers and clients. And you
can use Microsoft's Active Directory for your Kerberos KDC, no
problem. You just can't use Outlook, or Microsoft Exchange IMAP with
anyone elses KDC. Microsoft has made sure that in setting up a Kerberized
network environment you should always use "their" server products as your
KDCs. Use anything else and you will not be forgiven. You want to use MIT
KDC, or Hesiod, forget it. You will expend to much time and effort on
something that will eventually not work anyway. The funny thing is, if you
are going to store passwords on your Microsoft AD server acting as a KDC,
then what is the point of having a KDC in the first place...in terms of
Microsoft authentication? This is why I say that Microsoft uses Kerberos
just to appease the 'nix natives. It certainly has little use in their own
products.
Rodney
More information about the Kerberos
mailing list