Kerberize MS Exchange?

Sun Oct 12 11:05:57 EDT 2008

I use it against Cyrus IMAP v2.3.12p2 server (both client and server on 
Linux) with AD as kdc.

* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=DIGEST-MD5 
AUTH=PLAIN AUTH=GSSAPI AUTH=CRAM-MD5 SASL-IR] imap.server.home Cyrus IMAP 
v2.3.12p2 server ready
1 capability
* CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=DIGEST-MD5 AUTH=PLAIN 
AUTH=GSSAPI AUTH=CRAM-MD5 SASL-IR ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS 
NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT 
SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE 
CONDSTORE SCAN IDLE LISTEXT LIST-SUBSCRIBED URLAUTH
1 OK Completed
2 authenticate GSSAPI
+ YIIGjwYJKoZIhv....
+ YIGDBgk....
+ YDAGCSqGSIb3EgE....
2 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL RIGHTS=kxte 
QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN 
MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES 
ANNOTATEMORE CATENATE CONDSTORE SCAN IDLE LISTEXT LIST-SUBSCRIBED URLAUTH] 
Success (no protection)

.
.

Markus

"Victor Sudakov" <vas at mpeks.no-spam-here.tomsk.su> wrote in message 
news:gcs72m$2ci$1 at relay.tomsk.ru...
> Victor Sudakov wrote:
>> > >
>> > >> Incidentally, I have been informed off-list that newer versions of
>> > >> Exchange's IMAP implementation actually do support Kerberos via
>> > >> GSSAPI.
>> > >
>> > > And what win32 IMAP clients can authenticate with GSSAPI?
>
>> > Thunderbird is reported to be able to do this:
>> > http://kb.mozillazine.org/Network.auth.use-sspi
>
>> > I have not tried it, but it looks promising.
>
>> I have tried Thunderbird 2.0.0.14 for Windows with
>> network.auth.use-sspi set to either true or false.
>
>> Ethereal does not see Thunderbird requesting any tickets for
>> imap/relay2.tomsk.ru from AD. It just keeps asking for my password and
>> does not create any traffic to the DC. Am I missing something?
>
> Is there anyone for whom Thunderbird with GSSAPI really works?
> I hope it is not just theory, someone is using it or has tested it?
>
> -- 
> Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
> 2:5005/49 at fidonet http://vas.tomsk.ru/ 