>>>>> "Jeffrey" == Jeffrey Hutzelman <[EMAIL PROTECTED]> writes:
Jeffrey> On Monday, September 12, 2005 15:13:27 +0000 Jeffrey Jeffrey> Altman Jeffrey> <[EMAIL PROTECTED]> wrote: >> This can end up causing some problems for end users. It is >> entirely possible for the GSSAPI authentication to succeed and >> yet the user will be unable to access the mailbox they are >> attempting to reach because the principal used is not the one >> which has authorization for accessing the mailbox. Jeffrey> And yet, it is what nearly every Kerberized application Jeffrey> in existance does, and it seems to work reasonably well. Jeffrey> I realize that you would like to see a better UI for Jeffrey> client credential selection, but today, this is the best Jeffrey> current practice. I actually have to agree with Jeff Hutzelman here. I think you definitely want the default behavior to be what Thunderbird is doing now: use the default principal and do gss if the server offers it. --Sam ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos