I have to confess to a great deal of confusion regarding authentication
issues.
I am trying to get to a point were I can move Cyrus in to replace an
exchange system. I am getting tired of doing recovery of the exchange
mailstore when it bin-annually decides to self destruct.
Almost all the clients are outlook 2000 using IMAP.
Does the IMAP client have to support the authentication method chosen ?
I
have not read the details of the IMAP spec, but wouldn't Outlook have to
support Kerberose to be able to make use of it ?
I would like to run Cyrus as a black box on a Linux machine. I do not ca
re
and would probably prefer if the accounts on the Linux machine had nothing
to do with the mail accounts. I would prefer that the mail accounts were
authorized against a W2K DC. I am gathering that gives my authentication
choices of:
PAM
NTLM
K5
LDAP
Or K5 direct from SASL.
Since I do not need the IMAP users to validate in any other way on the Linux
box, a SASL direct method seems more appropriate than PAM. Which seems to
suggest K5.
However trying to connect Cyrus via K5 to a W2K DC seems to have an
enormous number of unknowns.
If the only thing I am using K5 for is Cyrus, do I need any other client
or
server authentication tools - I.E. Heimdal, or MIT K5 on the Linux box ? Do
I need to create a service account on the W2K DC for Cyrus ? Do I need to
create a machine account for the Linux box ? After I have all of this
working - if that is even possible, is Outlook going to be happy ?
