Kerberize MS Exchange?
Michael B Allen
ioplex at gmail.com
Thu Sep 4 15:00:24 EDT 2008
On Thu, Sep 4, 2008 at 2:26 PM, Eric Hill <eric at ijack.net> wrote:
>> Kerberize it how?
>>
>> MS Exchange uses a proprietary communications protocol so it's not
>> clear how Kerberos authentication even works in Exchange [1].
>>
>> If you're talking about using IMAP4, last I checked MS Exchange does
>> not support Kerberos w/ IMAP4 at all.
>>
>> Mike
>>
>> [1] There is some new "Exchange Protocols" documentation released as
>> part of the EU settlement that might include such details.
>
> Actually the protocol doesn't really include anything for authentication. The core Exchange security mechanism is a named pipe
> connection to the server, and a thread running ImpersonateNamedPipeClient on the server-side to handle requests on behalf of the
> user.
>
> Microsoft may or may not use Kerberos to authenticate the pipe.
I understand. That's good actually because there is quite a bit of
open code that can do Kerberos over Windows named pipes (including SMB
named pipes).
Incidentally, I have been informed off-list that newer versions of
Exchange's IMAP implementation actually do support Kerberos via
GSSAPI.
Mike
--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
More information about the Kerberos
mailing list