On Sun, Aug 24, 2003 at 11:28:23AM +0900, Christians, Stefan Mr. wrote: > On Sun, 2003-08-24 at 11:21, Steve Langasek wrote: > > On Sun, Aug 24, 2003 at 11:19:22AM +0900, Christians, Stefan Mr. wrote: > > > We are using KERBEROS for our user logins, and it works great ... except > > > that we are not fully benefiting from single-sign-on possibilities. > > > For example, if a user wants to wants to read his e-mail, he has to > > > re-enter his password to have access to the IMAP server (internal server > > > in the same domain and realm). > > > Or when he does SSH to another workstation, he also has to re-enter his > > > password (or use public key authentication). > > > Is there any way to set up PAM so that IMAP and SSH respect the user's > > > KERBEROS certificate? > > No. Install Kerberos-enabled imap and ssh servers, and use > > Kerberos-aware clients. > Now that was a fast reply. Thanks. > So may I conclude that stock IMAP and openSSH as well as Ximian > Evolution distributed with RH8 and RH9 are not Kerberos-aware? Not a question I can answer, I've never used RH8 or RH9. It's a safe bet that the stock openssh doesn't support Kerberos; there is a longstanding dispute with the OpenSSH upstream developers over this. I think Evolution has the option to support SASL authentication (which by extension means supporting Kerberos), but I don't know if that functionality is available with the Red Hat packages. -- Steve Langasek postmodern programmer
Attachment:
pgp00102.pgp
Description: PGP signature
