292837 Re: GSSAPI SMTPD Authentication and MS Active Directory
- Apr 25, 2013

--On Thursday, April 25, 2013 12:27 PM -0700 Matthew Larsen

>> If you want to use SASL/GSSAPI, the clients have to be able to get a TGT
>> from the KDC.
>
> The reason I've been looking at configuring the SASL/GSSAPI mechanism is
> that's what I see the current Exchange server doing. I'm hoping to
> build something I can drop in place without needing to touch client
> systems for reconfiguration.

But Exchange knows about your domain, correct? And how to authenticate
users to AD?

> I'm just puzzled as to how this works because the clients aren't
> members of our AD domain, and I strongly doubt they have data for, or
> access to, the DNS servers in the domain or a KDC. All they are given
> is an SMTP server, username (DOMAIN\Username), and password.

Because Exchange is cheating and doing the Kerberos auth for them to AD?
I.e., it isn't the clients themselves doing SASL/GSSAPI, correct? It is

> It's also my understanding that the GSSAPI mechanism is more secure on
> the wire than a plain text authentication method without TLS. Is that

Any form of encryption is more secure than plain text... so yes, that is a

Sr. Member of Technical Staff
A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
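
An added example, not part of the original thread: a small audit of SMTP EHLO replies that separates the two cases discussed above, mechanisms where the client hands its password to the server (PLAIN, LOGIN) and GSSAPI, where the client itself needs tickets from the KDC. The EHLO replies, the host name `mail.example.test` and all function names are constructed for illustration.

```python
import re

# Constructed EHLO replies (not captured from any real server).
EHLO_CLEARTEXT = """250-mail.example.test
250-STARTTLS
250-AUTH GSSAPI LOGIN PLAIN
250 8BITMIME"""
EHLO_AFTER_STARTTLS = """250-mail.example.test
250-AUTH GSSAPI LOGIN PLAIN
250 8BITMIME"""

# The client sends the password itself; base64 is an encoding, not encryption.
PASSWORD_MECHS = {"PLAIN", "LOGIN"}
# The client must first obtain Kerberos tickets from the KDC.
TICKET_MECHS = {"GSSAPI"}

def parse_ehlo(reply):
    """Return (set of AUTH mechanisms, STARTTLS offered?) from a 250 reply."""
    mechs, starttls = set(), False
    for line in reply.splitlines():
        m = re.match(r"250[- ](.*)$", line.strip())
        words = m.group(1).split() if m else []
        if not words:
            continue
        keyword = words[0].upper()
        if keyword == "STARTTLS":
            starttls = True
        elif keyword == "AUTH":
            mechs.update(w.upper() for w in words[1:])
        elif keyword.startswith("AUTH="):  # legacy "AUTH=LOGIN PLAIN" form
            mechs.update(w.upper() for w in [keyword[5:]] + words[1:] if w)
    return mechs, starttls

def audit(reply, tls_active):
    """Classify advertised mechanisms and list findings for this connection."""
    mechs, starttls = parse_ehlo(reply)
    exposed = sorted(mechs & PASSWORD_MECHS)
    findings = []
    if exposed and not tls_active:
        findings.append("password mechanisms offered without TLS: "
                        + ", ".join(exposed))
    if mechs and not tls_active and not starttls:
        findings.append("AUTH offered but STARTTLS is not")
    if mechs and mechs <= TICKET_MECHS:
        findings.append("only ticket-based mechanisms: clients need KDC access")
    return {"password": exposed, "ticket": sorted(mechs & TICKET_MECHS),
            "findings": findings}
```
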