[Kolab-devel] Active Directory synchronization in Kolab 2

Henning Holtschneider henning at loca.net
Mon Sep 19 18:19:25 CEST 2005


On Monday 19 September 2005 17:33, Martin Konold wrote:

> > 2. As far as I know, the plaintext password is needed to log into the
> > POP3/IMAP server (the connection is being encrypted, but the password is
> > still sent "as is"). But the AD user password is only available encrypted
> > on a Windows machine. So, for true AD integration on the client side, we
> > either need some kind of Kerberos authentication on the IMAP server
>
> This needs to be integrated into SASL on the server side. Then there is no
> need to modify any client.

If I'm not completely wrong, the SASL Kerberos authentication only allows the 
password submitted to the IMAP server to be checked against the AD. Toltec 
Connector still uses its own password to talk to the IMAP server. But this 
requires the user to change the password within Outlook/Toltec whenever 
he/she changes the AD password. That's inconvenient for many (non-technical) 
users and it should be possible to use Kerberos authentication between the 
client and the IMAP server. I don't know enough about Windows programming to 
judge if the AD controller will be able to issue the required IMAP service 
ticket, though.

Regards,
Henning Holtschneider
--
LocaNet oHG - http://www.loca.net
Lindemannstrasse 81, D-44137 Dortmund
tel +49 231 91596-25, fax +49 231 91596-55