authentication using kerberos

[Aleksandar Milivojevic]

Rob Siemborski wrote:
> Do you have a host/(hostname) key in the database?

Hm, no I don't.  Does this mean that I also need to have account for 
host (that runs IMAP server) in Active Directory, or the account for 
IMAP service that runs on the server, or both?

> That said, you're not really "Authenticating using kerberos" here, 
> you're just doing password verification, which in many ways defeats the 
> point.

Well, password verification is really all I need.  I really don't need 
any other functionality provided by kerberos.  If user provided correct 
password (over TLS) to IMAPD, I want to let him in.  I just want to use 
Active Directory as simple and convinient password store that returns 
true or false.  I don't really need full kerberos system.  I'm not after 
single sign-on or anything fancy.  I'm attempting to use kerberos only 
because it is the way AD works, and I'm trying to keep it as simple as 
possible.  All that I really need is the stuff that kinit does.  It 
connects to AD, password is verified, I get true or false for password, 
and all the other stuff that kinit does after the password is verified 
is not of interest to me.

Can Cyrus IMAPD do that?  Or if not, can saslauthd do it?

P.S.
Sorry for (first) direct reply, I've hit reply instead of reply-all and 
noticed it when it was already too late :-(

-- 
Aleksandar Milivojevic <amilivojevic at pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html