Re: [Evolution] SMTP AUTH and Evo

From: Adam Williams <awilliam whitemice org>
To: Tony Earnshaw <tonni billy demon nl>
Cc: evolution ximian com, Jeffrey Stedfast <fejj ximian com>
Subject: Re: [Evolution] SMTP AUTH and Evo
Date: 02 Sep 2002 08:56:44 -0400

GSSAPI is what provides Kerberos V, yes?

No, Kerberos V provides Kerberos V.


It Cyrus IMAPd, OpenLDAP, PHP, and Samba; Kerberos V *IS* provided via 
GSS.  "gssapi.h" is found under  /usr/kerberos/include/gssapi/.  But I
don't know if there is another -direct- API that can be used.  I only
use Kerberos V not develope on it

I've asked about this on the
list a couple of times.  I've seen other people ask about it.  Kerberos
networks are hardly rare, and becoming more common.

I'd dispute that. I would assert that Kerberos is an outdated system
from the beginning of time that is rapidly being overtaken by more
recent technology. And I know, because I have to know how to configure
and use it.


I'll have to flat out disagree. Windows 2000, XP, and Active Directory
*finally* brought Kerberos V to the M$ platform.  It is the ONLY
authentication method supported by an AD "domain" (mixed mode aside). 
Don't see how  that makes it outdated.  And I certainly don't see
anything standing in line to compete with it.  It is the ONLY
single-sign-on technology I've ever encountered that actually works.

Linux boxes in a
WinY2k domain are almost certainly using Kerberos V.

That is not so.


?  Then what do they do.  winbind, etc..., only support NT4 domains. 
Turn off mixed-mode on the server, and what have your got - Kerberos V.

Please consider
this requested.  Evolution is the only app that I actually have to enter
a password (beyond gdm of course) to access stuff.

You wouldn't have to enter a password unless someone (a sysadmin?) made
that mandatory.


I am the sys-admin.  So people should be able to access mailboxes
without authenticating to the mail server?

Having to enter a password does not mean anything else
than that you are required to authenticate yourself by any one of
several different means.


Yea, that is the point.

If you have to enter a password in Evo, you'd
have to enter it in Mozilla or Outlook as well.


Don't know about mozilla.  But not in Outlook on WinY2k, or pine on
UNIX.  They support Kerberos V and perform ticket forwarding and
negotiation and I'm authenticated to the mail server with no password,
as I already authenticated to the KDC (when I logged in).  Kerberos V is
a single sign-on system.

Follow-Ups:
- Re: [Evolution] SMTP AUTH and Evo
  - From: Tony Earnshaw

References:
- [Evolution] SMTP AUTH and Evo
  - From: Tony Earnshaw
- Re: [Evolution] SMTP AUTH and Evo
  - From: Jeffrey Stedfast
- Re: [Evolution] SMTP AUTH and Evo
  - From: Tony Earnshaw
- Re: [Evolution] SMTP AUTH and Evo
  - From: Adam Williams
- Re: [Evolution] SMTP AUTH and Evo
  - From: Tony Earnshaw

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]