[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [Evolution] SMTP AUTH and Evo

From: Adam Williams <awilliam whitemice org>
To: Tony Earnshaw <tonni billy demon nl>
Cc: evolution ximian com, Jeffrey Stedfast <fejj ximian com>
Subject: Re: [Evolution] SMTP AUTH and Evo
Date: 02 Sep 2002 08:56:44 -0400

>>GSSAPI is what provides Kerberos V, yes?
>No, Kerberos V provides Kerberos V.

It Cyrus IMAPd, OpenLDAP, PHP, and Samba; Kerberos V *IS* provided via 
GSS.  "gssapi.h" is found under  /usr/kerberos/include/gssapi/.  But I
don't know if there is another -direct- API that can be used.  I only
use Kerberos V not develope on it

>>I've asked about this on the
>>list a couple of times.  I've seen other people ask about it.  Kerberos
>>networks are hardly rare, and becoming more common.
>I'd dispute that. I would assert that Kerberos is an outdated system
>from the beginning of time that is rapidly being overtaken by more
>recent technology. And I know, because I have to know how to configure
>and use it.

I'll have to flat out disagree. Windows 2000, XP, and Active Directory
*finally* brought Kerberos V to the M$ platform.  It is the ONLY
authentication method supported by an AD "domain" (mixed mode aside). 
Don't see how  that makes it outdated.  And I certainly don't see
anything standing in line to compete with it.  It is the ONLY
single-sign-on technology I've ever encountered that actually works.

>>Linux boxes in a
>>WinY2k domain are almost certainly using Kerberos V.
>That is not so.

?  Then what do they do.  winbind, etc..., only support NT4 domains. 
Turn off mixed-mode on the server, and what have your got - Kerberos V.

>>Please consider
>>this requested.  Evolution is the only app that I actually have to enter
>>a password (beyond gdm of course) to access stuff.
>You wouldn't have to enter a password unless someone (a sysadmin?) made
>that mandatory. 

I am the sys-admin.  So people should be able to access mailboxes
without authenticating to the mail server?

>Having to enter a password does not mean anything else
>than that you are required to authenticate yourself by any one of
>several different means. 

Yea, that is the point.

>If you have to enter a password in Evo, you'd
>have to enter it in Mozilla or Outlook as well.

Don't know about mozilla.  But not in Outlook on WinY2k, or pine on
UNIX.  They support Kerberos V and perform ticket forwarding and
negotiation and I'm authenticated to the mail server with no password,
as I already authenticated to the KDC (when I logged in).  Kerberos V is
a single sign-on system.

Follow-Ups:
- Re: [Evolution] SMTP AUTH and Evo
  - From: Tony Earnshaw

References:
- [Evolution] SMTP AUTH and Evo
  - From: Tony Earnshaw
- Re: [Evolution] SMTP AUTH and Evo
  - From: Jeffrey Stedfast
- Re: [Evolution] SMTP AUTH and Evo
  - From: Tony Earnshaw
- Re: [Evolution] SMTP AUTH and Evo
  - From: Adam Williams
- Re: [Evolution] SMTP AUTH and Evo
  - From: Tony Earnshaw

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]