Allow Davmail to do pass through authenticate Kerberos on all protocols.
This is very useful for environments that authenticate their Linux systems via AD (whether via native or third party systems such as Quest or Likewise etc) or have a Kerberos to AD trust in place.
It saves the user from getting a second challenge for passwords when opening the email programs (or multiple ones, one for each protocol). This is particularly annoying as most AD environments insist on regular password changes. It is also possible that certain sites maybe very unhappy for users to save passwords in email programs (thereby allowing another user with root access to su to them and read all their emails, Kerberos reduces this risk).
I'm not sure if you select IMAP Kerbeos/GSSAPI in Thunderbird say , what is exactly passed. I don't know enough about it but I'd guess you might only get the "IMAP/" tickets. I'd guess DavMail would need access to the TGT to get a "HTTP/" ticket for passwordless connection to exchange WEBDAV/EWS.
I suppose if the above is true this Kerberized authentication may only be possible if DavMail is on the users local machine (where it can read the users TGT) and not on the server version. I don't know.
It would be nice if all the protocols had Kerberos pasthrough, IMAP, LDAP, SMTP, CALDAV etc.
Not sure if Thunderbird (lightning) supports Kerberized Caldav ?
Log in to post a comment.