Hi Gary,--On 28. November 2007 19:40:22 -0600 Gary Mills <mills@xxxxxxxxxxxxxxx> wrote:
We have a central database that contains Unix, NTLM, and SASL passwords, permitting single-password signons for Unix and Windows desktops, and for Cyrus IMAP. I'd like to add Kerberos to this mix, but only for IMAP authentications initially. This would permit single-signon from Unix IMAP clients like mutt and pine, and especially from a webmail application using pubcookie for authentication. I'd like Kerberos to use the same passwords, rather than supporting another password database. Is anybody doing this? Is it even possible?
I don't think so, but I could be wrong.
If not, would it be possible to keep them synchronized?
Well, I would assume that your "SASL passwords" are actually plain text, right? If you have the the actual passwords you can of course keep two databases in sync. We do something similar. There's a cron job that runs once per hour and handles deltas.
--
.:.Sebastian Hagedorn - RZKR-R1 (Gebäude 52), Zimmer 18.:.
Zentrum für angewandte Informatik - Universitätsweiter Service RRZK
.:.Universität zu Köln / Cologne University - ✆ +49-221-478-5587.:.
.:.:.:.Skype: shagedorn.:.:.:.Attachment:
pgpEPS3o57Zfe.pgp
Description: PGP signature
