I am both very interested and somewhat confused by this thread.
I am very interested in switching from an NFS-mounted /usr/spool/mail
to either POP or IMAP, while avoiding the spewing of cleartext
passwords on the net which POP and IMAP normally involve.
I am confused by what people mean when they say "Kerberos
authenticated POP" in this thread. Do you mean "POP client sends
cleartext password to POP server which uses it to authenticate with
AFS Kerberos", or do you mean "POP client uses Kerberos service ticket
to authenticate securely with POP server"?
I have the former. I am clearly looking for the latter.
I'm hoping that I will not have to switch from AFS Kerberos to MIT
Kerberos.
I have collected the following data in my investigations:
The only freeware Unix MUAs which do POP seem to be mh, PINE, and
Mutt. I strongly dislike mh. Unless something has changed recently,
PINE does not do "disconnected mode" with either POP or IMAP - a fact
which is as disgusting as it is astonishing. Mutt does POP correctly,
but does not do Kerberized POP (as far as I know). Mutt is in "alpha",
but works quite well, supports MIME and PGP, and has a nice user
interface.
Netscape 3 and 4 do POP, but not Kerberized. Netscape can also use
"movemail", but "movemail" does not seem to support Kerberized POP
(but I'll bet it could).
On PCs and Macs, Netscape is the same as on Unix, but without "movemail".
Eudora supports POP with or without Kerberos, but I'm not sure whether
or not it will work with AFS Kerberos.
The only circumstance in which I think Kerberos authentication would
pose a performance problem is when the POP or IMAP server is obtaining
an AFS fileservice ticket in addition to simply authenticating with
Kerberos. This is harmful and unnecessary.
I would appreciate any corrections/additions to the above. Especially
useful would be cookbook instructions on using AFS Kerberos for POP
authentication.
Thanks,
-Rick
--
|Rick Cochran phone: 607-255-7223|
|Cornell Materials Science Center FAX: 607-255-3957|
|E20 Clark Hall, Ithaca, N.Y. 14853 email: [EMAIL PROTECTED]|
| "The Founding Fathers did not establish the United States as a |
| democratic republic so that elected officials would decide trivia, |
| while all great questions would be decided by the judiciary." |
| Judge Andrew Kleinfeld |
