On Thu, Dec 04, 2003 at 07:41:54AM +0100, Nikola Milutinovic wrote: > Why don't you user kerberized IMAP clients?
Because our 60K+ users base use a hodgepodge of IMAP client over which we have no control. I am not quit sure our webmail (IMP) could be made to authenticate via Kerberos either. Also, the IMAP server are accessible from the Net, while the AD controller (KDC) are not. > This setup effectively defeats the idea of Kerberos, since SASLAuthD is used for > PLAIN-text authentication. Unless it is running over SSL channel (mechanism > "EXTERNAL"), you're sending USER/PASS in cleartext over the net. Only IMAPS is exposed to the outside. -- Etienne Goyer Linux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
