Authenticate Cyrus off active directory
Etienne Goyer
etienne.goyer at linuxquebec.com
Thu Dec 4 09:06:43 EST 2003
On Thu, Dec 04, 2003 at 07:41:54AM +0100, Nikola Milutinovic wrote:
> Why don't you user kerberized IMAP clients?
Because our 60K+ users base use a hodgepodge of IMAP client over which
we have no control. I am not quit sure our webmail (IMP) could be made to
authenticate via Kerberos either.
Also, the IMAP server are accessible from the Net, while the AD
controller (KDC) are not.
> This setup effectively defeats the idea of Kerberos, since SASLAuthD is used for
> PLAIN-text authentication. Unless it is running over SSL channel (mechanism
> "EXTERNAL"), you're sending USER/PASS in cleartext over the net.
Only IMAPS is exposed to the outside.
--
Etienne Goyer Linux Québec Technologies Inc.
http://www.LinuxQuebec.com etienne.goyer at linuxquebec.com
More information about the Info-cyrus
mailing list