“Well, if you believe that it's ok for you to use it.”
Not sure if you mean I’m being presumptuous (not intended) or actually
that I would see value in using it - I think you meant the latter but
again, not sure…(lol)
Anyway, I would see value in at least checking it out - seems
interesting…
- - -
On 27 Apr 2022, at 9:52, Michael Ströder wrote:
On 4/27/22 18:39, Demi Marie Obenour wrote:
On 4/27/22 12:27, Michael Ströder wrote:
On 4/27/22 14:37, Jahnke-Zumbusch, Dirk wrote:
I’m very interested in what options / solutions (if any) exist that allow
you to use a passwordless approach to authenticating your users against
imaps/pop3/smtps/submission services (TLS encrypted of course)
One way to authenticate may be using Kerberos.
Not recommended for roaming users accessing submission service via
public Internet.
Hard disagree; Kerberos is safe for use over the Internet.
Well, if you believe that it's ok for you to use it.
My personal preference is to avoid storing shared secrets in
directly accessible network services. And I'm saying this as somebody
who tried hard to secure OATH-LDAP services (HOTP with Yubikey and
OpenLDAP).
BTW: My doubts are not about the Kerberos crypto used. My doubts are
rather about the many unknown security bugs in all the systems
involved which might allow attackers to get hold of the shared
secrets.
Ciao, Michael.