none
Change SMTP-Authentification for only one mail-adress (user) to only password?

    Question

  • Hi guys, 

    we are running Exchange Server 2013 and are facing a problem. 

    We are using a program for our company administration. this program should send us emails but cant handle Kerberos / GSSAPI as authentification (what we are using right now). StartTLS and port 587 arent a problem. 

    Can I change the authentification to a simple password (and therefore disable Kerberos/GSSAPI) for only one user? 

    And if not, how can I change it in general for my Exchange Server 2013? 

    Thanks to you all! 

    Tuesday, March 7, 2017 12:17 PM

Answers

  • Hi,

    Per my experience, it is not possible to disable Kerberos. Kerberos authentication is a separate service that runs as the "third party" authentication mechanisms that protects AD preventing session replay attacks.

    Clients may use Kerberos or NTLM to authenticate with the Receive connector. If the AuthMechanism parameter contains Integrated, and the EnableAuthGSSAPI parameter is set to $false, the AUTH NTLM keyword is advertised in the EHLO response of the Receive connector. Clients may only use NTLM to authenticate with the Receive connector.

    We can use command: Get-ReceiveConnector "RECEIVE CONNECTOR NAME" | Set-ReceiveConnector -EnableAuthGSSAPI $FALSE to set it.

    For detailed information please refer to the parameter EnableAuthGSSAPI in the following article:

    https://technet.microsoft.com/en-us/library/bb125140(v=exchg.150).aspx

    Hope it helps.


    Regards,

    Jason Chao


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Wednesday, March 8, 2017 7:39 AM
    Moderator