On Thu, Sep 4, 2008 at 2:26 PM, Eric Hill <[EMAIL PROTECTED]> wrote: >> Kerberize it how? >> >> MS Exchange uses a proprietary communications protocol so it's not >> clear how Kerberos authentication even works in Exchange [1]. >> >> If you're talking about using IMAP4, last I checked MS Exchange does >> not support Kerberos w/ IMAP4 at all. >> >> Mike >> >> [1] There is some new "Exchange Protocols" documentation released as >> part of the EU settlement that might include such details. > > Actually the protocol doesn't really include anything for authentication. > The core Exchange security mechanism is a named pipe > connection to the server, and a thread running ImpersonateNamedPipeClient on > the server-side to handle requests on behalf of the > user. > > Microsoft may or may not use Kerberos to authenticate the pipe.
I understand. That's good actually because there is quite a bit of open code that can do Kerberos over Windows named pipes (including SMB named pipes). Incidentally, I have been informed off-list that newer versions of Exchange's IMAP implementation actually do support Kerberos via GSSAPI. Mike -- Michael B Allen PHP Active Directory SPNEGO SSO http://www.ioplex.com/ ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
