[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kerberos support in standard services

Note: I changed the subject

>>>>> "Andrew" == Andrew Bartlett <abartlet@samba.org> writes:

    Andrew> SASL covers most of this problem, and as I understand it,
    Andrew> it is a far more standard solution than kpop.  I don't
    Andrew> know if the mail clients and server use the sign/seal end
    Andrew> or just the authentication, but I certainly see GSSAPI as
    Andrew> a supported password type for evolution.

I think most servers and clients don't support SASL yet.

On this mailing list people have said
 * cryus imap and pop support SASL.
 * evolution supports GSSAPI (hopefully via SASL?)

I am not sure if this support is in the Debian package though, I
can't see SASL in the depends for the packages. Still it is good that
upstream support it.

Personally, I use mutt, Gnus, imp (web based), and courier-*, I don't
think any support SASL. Then again, Gnus doesn't support SSL properly

Once-upon-a-time there was an Apache module for Kerberos
authentication. It seemed a bit pointless at the time, because no
clients supported it. Also SASL would be better... What is the current
status of this module. Does it still exist?


[1] Gnus blindly calls the "openssl s_client", and no concept of
displaying messages to the user if there is a problem with the server
certificate. So, yes, it does support SSL, but it hardly works to
prevent man-in-the-middle attacks. At least it was like this last I
tested it, I don't think anything has changed.
Brian May <bam@snoopy.apana.org.au>