Re: Kerberos x pam

From: Rob Siemborski (rjs3 at andrew dot cmu dot edu)
Date: Wed Mar 17 2004 - 09:39:51 EST

  • Next message: Rob Siemborski: "Re: RES: Kerberos x pam"

    I'm not sure about your windows-related issues, but I can speek from a
    Heimdal Kerberos enviornment..

    On Wed, 17 Mar 2004, Estevam Henrique Carvalho wrote:

    > What is the best way of providing the users to access the e-mail using the
    > Windows password ? pam_winbind or Kerberos ?
    >
    > Will the Kerberos 5 work with Cyrus and SASL ?

    Yes -- though, as I said, I'll remain silent about Microsoft Kerberos.

    > Does Kerberos also require plan text password as pam modules does ?

    If you mean "plaintext over the network" -- neither of these requires
    that, you can always throw a TLS layer on top to protect the plaintext
    password. Kerberos (via the GSSAPI SASL mechanism) will avoid sending the
    password across the network alltogether, however.

    > This message may contain confidential and/or privileged information. If you
    > are not the addressee or authorized to receive this for the addressee, you
    > must not use, copy, disclose, change, take any action based on this message
    > or any information herein. If you have received this message in error,
    > please advise the sender immediately by reply e-mail and delete this
    > message. Thank you for your cooperation.

    This sort of disclaimer used on a public mailing list can make it very
    difficult to respond.

    -Rob

    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
    Research Systems Programmer * /usr/contributed Gatekeeper


  • Next message: Rob Siemborski: "Re: RES: Kerberos x pam"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD