Kerberos support in Thunderbird
Jeffrey Hutzelman
jhutz at cmu.edu
Mon Sep 12 13:39:56 EDT 2005
On Monday, September 12, 2005 15:13:27 +0000 Jeffrey Altman
<jaltman2 at nyc.rr.com> wrote:
> This can end up causing some problems for end users. It is entirely
> possible for the GSSAPI authentication to succeed and yet the user
> will be unable to access the mailbox they are attempting to reach
> because the principal used is not the one which has authorization for
> accessing the mailbox.
And yet, it is what nearly every Kerberized application in existance does,
and it seems to work reasonably well. I realize that you would like to see
a better UI for client credential selection, but today, this is the best
current practice.
That said, most mail software I've seen does allow the user to specify the
authentication mechanism to use on a per-account basis. That would seem to
be appropriate here, as well.
-- Jeff
More information about the Kerberos
mailing list