>>GSSAPI is what provides Kerberos V, yes? >No, Kerberos V provides Kerberos V.
It Cyrus IMAPd, OpenLDAP, PHP, and Samba; Kerberos V *IS* provided via GSS. "gssapi.h" is found under /usr/kerberos/include/gssapi/. But I don't know if there is another -direct- API that can be used. I only use Kerberos V not develope on it >>I've asked about this on the >>list a couple of times. I've seen other people ask about it. Kerberos >>networks are hardly rare, and becoming more common. >I'd dispute that. I would assert that Kerberos is an outdated system >from the beginning of time that is rapidly being overtaken by more >recent technology. And I know, because I have to know how to configure >and use it. I'll have to flat out disagree. Windows 2000, XP, and Active Directory *finally* brought Kerberos V to the M$ platform. It is the ONLY authentication method supported by an AD "domain" (mixed mode aside). Don't see how that makes it outdated. And I certainly don't see anything standing in line to compete with it. It is the ONLY single-sign-on technology I've ever encountered that actually works. >>Linux boxes in a >>WinY2k domain are almost certainly using Kerberos V. >That is not so. ? Then what do they do. winbind, etc..., only support NT4 domains. Turn off mixed-mode on the server, and what have your got - Kerberos V. >>Please consider >>this requested. Evolution is the only app that I actually have to enter >>a password (beyond gdm of course) to access stuff. >You wouldn't have to enter a password unless someone (a sysadmin?) made >that mandatory. I am the sys-admin. So people should be able to access mailboxes without authenticating to the mail server? >Having to enter a password does not mean anything else >than that you are required to authenticate yourself by any one of >several different means. Yea, that is the point. >If you have to enter a password in Evo, you'd >have to enter it in Mozilla or Outlook as well. Don't know about mozilla. But not in Outlook on WinY2k, or pine on UNIX. They support Kerberos V and perform ticket forwarding and negotiation and I'm authenticated to the mail server with no password, as I already authenticated to the KDC (when I logged in). Kerberos V is a single sign-on system. _______________________________________________ evolution maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/evolution
