On Thu, 2004-09-02 at 10:38 +0800, Not Zed wrote:
On Wed, 2004-09-01 at 16:53 +0200, nick galea wrote:Hi, I am considering replacing Outlook on our network (approximately 100 clients) with evolution. However, i have a number of questions regarding the central management of Evolution IMAP and POP3 account data for each user in a network: 1. The windows logon provides a single sign on for both windows and outlook. Meaning that when a user changes his/her password in windows this is automatic for outlook too. Is it possible to achieve a similar thing using Evolution and active directory? 2. If this is not possible with active directory then would it be possible using Novell Edirectory? I.e if i would move from active directory to novell edirectory for signing on, is there somehow an integration between Evolution and edirectory which would obsolete the need for the user to regularly change his IMAP or POP3 passwords even if he changes his windows or edirectory logon?Well you could change the system login and imap server/pop3 password using these sort of mechanisms, but that is independent of evolution. It wouldn't automatically change the user's 'remembered' password in Evolution though. Which may or may not be an issue (e.g. if you don't want users remembering their passwords), but they will be re-prompted. True single-signon would require the use of kerberos stuff as Jeff mentioned. Actually letting the users remember their password in such a context isn't particularly secure, since they are only stored on disk obfuscated and not encrypted and only relies on (enforced) unix filesystem permissions for security.If both are not available, does anyone know whether Novell is working on such an integration? Surely this would make sense for both Evolution and Edirectory users and since both are owned by Novell....There is work going on in the identity management/systems management area, and some of it relates to Evolution (specifically to configuring and locking down settings), but we are not directly party to this work. So I don't know the full scope of it. I agree this makes absolute sense. And I would be quite surprised if it isn't on some roadmap somewhere.And if not, does anyone know if this would be relatively easily developed for Evolution? If there is demand from other users too i would consider developing such an add-on module.Well one thing we have on our roadmap is integration with the gnome- key-ring thing, or whatever its called, which provides some centralised auth system, so i've heard. I don't really know much about it, but assuming it is extensible, it sounds like the approach that will lead to this goal ... eventually ... when its done.
as far as I understand it, gnome-key-ring is basically just e-passwords - e.g. it stores application passwords in a central location for apps to query. might keep the passwords encrypted on disc rather than just obfuscated like we do currently, but I don't really know the details myself. Jeff -- Jeffrey Stedfast Evolution Hacker - Novell, Inc. fejj ximian com - www.novell.com
Attachment:
smime.p7s
Description: S/MIME cryptographic signature