Hi,
Thanks for the reply!
>> + For exim acting as an SMTP client (i.e. when initiating an SMTP
>> connection to the smarthost) to use the data in a keytab to provide a
>> username and password to an authenticator.
>
>> + For exim acting as an SMTP client to use a Kerberos service ticket
>> (obtained with the credentials in the keytab) to authenticate to the
>> relay via GSSAPI.
>> This is the ideal scenario and in this instance the credentials would
>> never be sent over the wire.
>
> Neither at present. The correct fix is to expand the heimdal_gssapi
> authenticator to handle client-side authentication. This would be the
> simplest, with fewer layers of abstraction to manipulate, and is newer
> code (introduced with Exim 4.80).
I'm running MIT Kerberos. Can heimdal_gssapi speak to that?
Regards,
@ndy
--
andyjpb@???
http://www.ashurst.eu.org/
0x7EBA75FF
