Re: Kerberos support in standard services
Note: I changed the subject
>>>>> "Andrew" == Andrew Bartlett <firstname.lastname@example.org> writes:
Andrew> SASL covers most of this problem, and as I understand it,
Andrew> it is a far more standard solution than kpop. I don't
Andrew> know if the mail clients and server use the sign/seal end
Andrew> or just the authentication, but I certainly see GSSAPI as
Andrew> a supported password type for evolution.
I think most servers and clients don't support SASL yet.
On this mailing list people have said
* cyrus imap and pop support SASL.
* evolution supports GSSAPI (hopefully via SASL?)
I am not sure if this support is in the Debian package though, I
can't see SASL in the depends for the packages. Still it is good that
upstream support it.
Personally, I use mutt, Gnus, imp (web based), and courier-*, I don't
think any support SASL. Then again, Gnus doesn't support SSL properly.
Once-upon-a-time there was an Apache module for Kerberos
authentication. It seemed a bit pointless at the time, because no
clients supported it. Also SASL would be better... What is the current
status of this module? Does it still exist?
Gnus blindly calls "openssl s_client", and has no concept of
displaying messages to the user if there is a problem with the server
certificate. So, yes, it does support SSL, but it hardly works to
prevent man-in-the-middle attacks. At least it was like this last I
tested it, I don't think anything has changed.
Brian May <email@example.com>
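
The note about Gnus above describes a client that runs "openssl s_client" and never looks at the certificate verification result. The following is an added example, not part of the original message and not Gnus code: a shell sketch of the check a wrapper could make on the s_client transcript before trusting the connection. The function names and both sample transcripts are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect an `openssl s_client` transcript and refuse to
# treat the session as trusted unless verification succeeded.
# A live transcript would come from something like (HOST is a placeholder):
#   openssl s_client -connect HOST:993 -verify_return_error </dev/null

# Print the numeric code from the last "Verify return code" line on stdin;
# prints nothing when the transcript has no such line.
verify_code() {
    sed -n 's/^[[:space:]]*Verify return code: \([0-9][0-9]*\) .*/\1/p' | tail -n 1
}

# Succeed only when the transcript reports code 0. A missing result line
# counts as failure, so a truncated transcript is never trusted.
cert_verified() {
    code=$(verify_code)
    [ "$code" = "0" ]
}

# Produce the message a mail client could display to the user.
describe_verify() {
    line=$(grep 'Verify return code:' | tail -n 1)
    case "$line" in
        *'Verify return code: 0 '*) echo "certificate verified" ;;
        '') echo "no verification result: treat as untrusted" ;;
        *) echo "certificate NOT verified:${line#*Verify return code:}" ;;
    esac
}

# Constructed sample transcripts (abbreviated s_client output).
GOOD_TRANSCRIPT='CONNECTED(00000003)
depth=0 CN = mail.example.org
verify return:1
    Verify return code: 0 (ok)'

BAD_TRANSCRIPT='CONNECTED(00000003)
depth=0 CN = mail.example.org
verify error:num=18:self signed certificate
verify return:1
    Verify return code: 18 (self signed certificate)'

for t in "$GOOD_TRANSCRIPT" "$BAD_TRANSCRIPT"; do
    printf '%s\n' "$t" | describe_verify
done
```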