RES: Kerberos x pam

From: Estevam Henrique Carvalho (estevamh at bmf dot com dot br)
Date: Wed Mar 17 2004 - 09:50:25 EST

  • Next message: Gary Mills: "Using encode/decode with SASL and Mysql"

    The concern about plain text comes to me after reading
    http://asg.web.cmu.edu/cyrus/download/imapd/install-auth.html

    -----Mensagem original-----
    De: Rob Siemborski [mailto:rjs3 at andrew dot cmu dot edu]
    Enviada em: quarta-feira, 17 de março de 2004 11:40
    Para: Estevam Henrique Carvalho
    Cc: 'cyrus-sasl at lists dot andrew dot cmu dot edu'
    Assunto: Re: Kerberos x pam

    I'm not sure about your windows-related issues, but I can speek from a
    Heimdal Kerberos enviornment..

    On Wed, 17 Mar 2004, Estevam Henrique Carvalho wrote:

    > What is the best way of providing the users to access the e-mail using the
    > Windows password ? pam_winbind or Kerberos ?
    >
    > Will the Kerberos 5 work with Cyrus and SASL ?

    Yes -- though, as I said, I'll remain silent about Microsoft Kerberos.

    > Does Kerberos also require plan text password as pam modules does ?

    If you mean "plaintext over the network" -- neither of these requires
    that, you can always throw a TLS layer on top to protect the plaintext
    password. Kerberos (via the GSSAPI SASL mechanism) will avoid sending the
    password across the network alltogether, however.

    > This message may contain confidential and/or privileged information. If
    you
    > are not the addressee or authorized to receive this for the addressee, you
    > must not use, copy, disclose, change, take any action based on this
    message
    > or any information herein. If you have received this message in error,
    > please advise the sender immediately by reply e-mail and delete this
    > message. Thank you for your cooperation.

    This sort of disclaimer used on a public mailing list can make it very
    difficult to respond.

    -Rob

    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
    Research Systems Programmer * /usr/contributed Gatekeeper

    =========================================================
    Esta mensagem pode conter informação confidencial e/ou privilegiada. Se você
    não for o destinatário ou a pessoa autorizada a receber esta mensagem, não
    deverá utilizar, copiar, alterar, divulgar a informação nela contida ou
    tomar qualquer ação baseada nessas informações. Se você recebeu esta
    mensagem por engano, por favor avise imediatamente o remetente, respondendo
    o e-mail e em seguida apague-o. Agradecemos sua cooperação.

    This message may contain confidential and/or privileged information. If you
    are not the addressee or authorized to receive this for the addressee, you
    must not use, copy, disclose, change, take any action based on this message
    or any information herein. If you have received this message in error,
    please advise the sender immediately by reply e-mail and delete this
    message. Thank you for your cooperation.
    =========================================================


  • Next message: Gary Mills: "Using encode/decode with SASL and Mysql"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD