[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kerberos support in standard services

To: heimdal-discuss@sics.se
Subject: Re: Kerberos support in standard services
From: Brian May <bam@snoopy.apana.org.au>
Date: Thu, 07 Jul 2005 09:38:31 +1000
In-Reply-To: <1120633929.6159.177.camel@amy.samba4.abartlet.net> (Andrew Bartlett's message of "Wed, 06 Jul 2005 17:12:09 +1000")
Mail-Followup-To: heimdal-discuss@sics.se
References: <1120612841.6159.119.camel@amy.samba4.abartlet.net><sa4mzp0zhqd.fsf@snoopy.microcomaustralia.com.au><1120633929.6159.177.camel@amy.samba4.abartlet.net>
Sender: owner-heimdal-discuss@sics.se
User-Agent: T-gnus/6.17.2 (based on No Gnus v0.2) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.4 (i386-pc-linux-gnu) MULE/5.0 (SAKAKI)

Note: I changed the subject

>>>>> "Andrew" == Andrew Bartlett <abartlet@samba.org> writes:

    Andrew> SASL covers most of this problem, and as I understand it,
    Andrew> it is a far more standard solution than kpop.  I don't
    Andrew> know if the mail clients and server use the sign/seal end
    Andrew> or just the authentication, but I certainly see GSSAPI as
    Andrew> a supported password type for evolution.

I think most servers and clients don't support SASL yet.

On this mailing list people have said
 * cryus imap and pop support SASL.
 * evolution supports GSSAPI (hopefully via SASL?)

I am not sure if this support is in the Debian package though, I
can't see SASL in the depends for the packages. Still it is good that
upstream support it.

Personally, I use mutt, Gnus, imp (web based), and courier-*, I don't
think any support SASL. Then again, Gnus doesn't support SSL properly
either[1].

Once-upon-a-time there was an Apache module for Kerberos
authentication. It seemed a bit pointless at the time, because no
clients supported it. Also SASL would be better... What is the current
status of this module. Does it still exist?

Notes:

[1] Gnus blindly calls the "openssl s_client", and no concept of
displaying messages to the user if there is a problem with the server
certificate. So, yes, it does support SSL, but it hardly works to
prevent man-in-the-middle attacks. At least it was like this last I
tested it, I don't think anything has changed.
-- 
Brian May <bam@snoopy.apana.org.au>

Follow-Ups:
- Re: Kerberos support in standard services
  - From: sxw@dcs.ed.ac.uk
- Re: Kerberos support in standard services
  - From: Bjorn Torkelsson <torkel@hpc2n.umu.se>
- Re: Kerberos support in standard services
  - From: Keith Matthews <heimdal@frequentous.co.uk>
- Re: Kerberos support in standard services
  - From: Ken Hornstein <kenh@cmf.nrl.navy.mil>

References:
- Future of kerberised telnet, login, rsh, ftp?
  - From: Andrew Bartlett <abartlet@samba.org>
- Re: Future of kerberised telnet, login, rsh, ftp?
  - From: Brian May <bam@snoopy.apana.org.au>
- Re: Future of kerberised telnet, login, rsh, ftp?
  - From: Andrew Bartlett <abartlet@samba.org>

Prev by Date: Re: Future of kerberised telnet, login, rsh, ftp?
Next by Date: Re: Future of kerberised telnet, login, rsh, ftp?
Prev by thread: Re: Future of kerberised telnet, login, rsh, ftp?
Next by thread: Re: Kerberos support in standard services
Index(es):
- Date
- Thread