--On Friday, February 3, 2006 6:42 PM -0800 Mark Crispin
<[EMAIL PROTECTED]> wrote:
I could count the number of times I've been asked about supporting SASL
security layers in UW imapd on one hand...and still have some fingers
left!
Penn will happy take another finger. :-)
For that matter, relatively few IMAP clients support Kerberos. I use
Kerberos with IMAP extensively, and have always just used TLS for
security.
Penn is doing everything we can to increase the number of Kerberized IMAP
clients, like contributing the funds to Kerberize Eudora and contributing
the SASL/GSSAPI/Kerberos implementation recently introduced in
Thunderbird (we'll have LDAP done by the next release).
We have also kinda-sorta Kerberized Horde/IMP webmail and have
implemented SASL/GSSAPI/Kerberos for authentication with the webmail
"imapproxy" program. However, because the HTTP connection from the user
to the webmail host is not Kerberized, the implementation requires some
trust on the part of the IMAP server that the webmail service has
properly authorized the user. Someday, when we have a proper Kerberos
over HTTP solution, we'll be all the way there.
Sadly, the loss of Mulberry in October makes it a two step forward, one
step back sort of process.
Mark
_______________________________________________
Imap-uw mailing list
[email protected]
https://mailman1.u.washington.edu/mailman/listinfo/imap-uw
