>something that will eventually not work anyway. The funny thing is, if
>you are going to store passwords on your Microsoft AD server acting as
>a KDC, then what is the point of having a KDC in the first place...in
>terms of Microsoft authentication? This is why I say that Microsoft
>uses Kerberos just to appease the 'nix natives. It certainly has
>little use in their own products.
To be fair to Microsoft ... they do seem to use Kerberos in a number of
places. E.g., their instant messaging protocol is Kerberized (I
verified that with a network sniffer). From my conversations with
Microsoft people, the reason Exchange doesn't do GSSAPI-authenticate
IMAP really seems to be more tied up in lack of interest in the Exchange
group (for what reason, I dunno).