Authenticate Cyrus off active directory

Etienne Goyer etienne.goyer at
Thu Dec 4 09:06:43 EST 2003

On Thu, Dec 04, 2003 at 07:41:54AM +0100, Nikola Milutinovic wrote:
> Why don't you use kerberized IMAP clients?

Because our 60K+ user base uses a hodgepodge of IMAP clients over which
we have no control.  I am not quite sure our webmail (IMP) could be made to
authenticate via Kerberos either.

Also, the IMAP servers are accessible from the Net, while the AD
controllers (KDCs) are not.

> This setup effectively defeats the idea of Kerberos, since SASLAuthD is used for
> PLAIN-text authentication. Unless it is running over an SSL channel (mechanism
> "EXTERNAL"), you're sending USER/PASS in cleartext over the net.

Only IMAPS is exposed to the outside.

Etienne Goyer                    Linux Québec Technologies Inc.       etienne.goyer at

