Date: Thu, 3 Dec 1998 15:29:12 -0500 (EST) From: Robert Watson <robert@cyrus.watson.org> To: Lyndon Nerenberg <lyndon@execmail.com> Cc: woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG Subject: Re: mail.local Message-ID: <Pine.BSF.3.96.981203152638.13933A-100000@fledge.watson.org> In-Reply-To: <199812031844.LAA14212@rembrandt.esys.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 3 Dec 1998, Lyndon Nerenberg wrote: > Not that I'm a big fan of pre-authentication. You still have to support > communication with remote servers no matter what, so you have to have > the code to handle AUTHENTICATE. If you want cached credentials, use > Kerberos. (This is how we run our email in-house.) And you're now > saying "but Kerberos is a pain to administer." As it's deployed, I > agree. That argument vanishes if someone writes a user-friendly > administration front-end to Kerberos to hand-hold a site through the > intial setup of the Kerberos environment. Make that part easy, and lots > of people will start using it. (And the recent PAM work will make the > use of Kerberos much more attractive.) Kerberos is easy -- it's finding clients that support KerberosIV under UNIX that's hard. That is, I have yet to find a copy of the Pine 3.9x Kerberos IV patches that compile cleanly under FreeBSD, and I don't have time to write them myself. What I should really do is upgrade to K5 (which has native support under more recent versions of Pine), but I don't believe that the CMU Cyrus server supports K5, only K4. I would have migrated all of the users of my system to the cyrus server long ago if pine 3.9x didn't keep asking for passwords and sending them in the clear text to my cyrus server. :) Robert N Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C Carnegie Mellon University http://www.cmu.edu/ TIS Labs at Network Associates, Inc. http://www.tis.com/ SafePort Network Services http://www.safeport.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.981203152638.13933A-100000>