Kerberize MS Exchange?

Michael B Allen ioplex at
Thu Sep 4 15:00:24 EDT 2008

On Thu, Sep 4, 2008 at 2:26 PM, Eric Hill <eric at> wrote:
>> Kerberize it how?
>> MS Exchange uses a proprietary communications protocol so it's not
>> clear how Kerberos authentication even works in Exchange [1].
>> If you're talking about using IMAP4, last I checked MS Exchange does
>> not support Kerberos w/ IMAP4 at all.
>> Mike
>> [1] There is some new "Exchange Protocols" documentation released as
>> part of the EU settlement that might include such details.
> Actually the protocol doesn't really include anything for authentication.  The core Exchange security mechanism is a named pipe
> connection to the server, and a thread running ImpersonateNamedPipeClient on the server-side to handle requests on behalf of the
> user.
> Microsoft may or may not use Kerberos to authenticate the pipe.

I understand. That's good actually because there is quite a bit of
open code that can do Kerberos over Windows named pipes (including SMB
named pipes).

Incidentally, I have been informed off-list that newer versions of
Exchange's IMAP implementation actually do support Kerberos via


Michael B Allen
PHP Active Directory SPNEGO SSO

More information about the Kerberos mailing list