[Kolab-devel] Active Directory synchronization in Kolab 2
Henning Holtschneider
henning at loca.net
Mon Sep 19 18:19:25 CEST 2005
On Monday 19 September 2005 17:33, Martin Konold wrote:
> > 2. As far as I know, the plaintext password is needed to log into the
> > POP3/IMAP server (the connection is being encrypted, but the password is
> > still sent "as is"). But the AD user password is only available encrypted
> > on a Windows machine. So, for true AD integration on the client side, we
> > either need some kind of Kerberos authentication on the IMAP server
>
> This needs to be integrated into SASL on the server side. Then there is no
> need to modify any client.
If I'm not completely wrong, the SASL Kerberos authentication only allows the
password submitted to the IMAP server to be checked against the AD. Toltec
Connector still uses its own password to talk to the IMAP server. But this
requires the user to change the password within Outlook/Toltec whenever
he/she changes the AD password. That's inconvenient for many (non-technical)
users and it should be possible to use Kerberos authentication between the
client and the IMAP server. I don't know enough about Windows programming to
judge if the AD controller will be able to issue the required IMAP service
ticket, though.
Regards,
Henning Holtschneider
--
LocaNet oHG - http://www.loca.net
Lindemannstrasse 81, D-44137 Dortmund
tel +49 231 91596-25, fax +49 231 91596-55
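
Added example, not part of the original message or of Kolab's code: the two cases discussed in this thread (password sent to the IMAP server and checked there, versus Kerberos authentication between client and server) can be told apart from the SASL mechanisms the server advertises. The capability lines are constructed samples and the function names are hypothetical.

```python
import re

# SASL mechanisms that carry the reusable password to the server
# (protected in transit only by TLS); the server may then check it against a KDC.
PASSWORD_MECHS = {"PLAIN", "LOGIN"}
# Mechanisms where the client presents a Kerberos service ticket instead.
TICKET_MECHS = {"GSSAPI", "GSS-SPNEGO"}

# Constructed sample responses, not captured from a real server.
PASSWORD_ONLY = "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=LOGIN"
WITH_GSSAPI = "* OK [CAPABILITY IMAP4rev1 LOGINDISABLED AUTH=GSSAPI AUTH=PLAIN] ready"


def parse_capabilities(line):
    """Return (capabilities, SASL mechanisms) from an IMAP CAPABILITY line.

    Handles both the untagged response and the bracketed greeting form.
    """
    m = re.search(r"CAPABILITY\s+([^\]\r\n]*)", line, re.IGNORECASE)
    if not m:
        raise ValueError("no CAPABILITY data in line")
    caps = {tok.upper() for tok in m.group(1).split()}
    mechs = {c[len("AUTH="):] for c in caps if c.startswith("AUTH=")}
    return caps, mechs


def classify(line):
    """Report which advertised login paths expose the password to the server."""
    caps, mechs = parse_capabilities(line)
    password_paths = sorted(mechs & PASSWORD_MECHS)
    # The plain IMAP LOGIN command also sends the password
    # unless the server advertises LOGINDISABLED.
    if "LOGINDISABLED" not in caps:
        password_paths.append("LOGIN command")
    ticket_paths = sorted(mechs & TICKET_MECHS)
    return {
        "ticket_based": ticket_paths,
        "password_sent": password_paths,
        "sso_possible": bool(ticket_paths),
    }


if __name__ == "__main__":
    for sample in (PASSWORD_ONLY, WITH_GSSAPI):
        print(classify(sample))
```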