On Tue, Feb 11, 2014 at 01:37:17PM -0800, fleon wrote:
> Some would argue that using the virtual smtp server (that asks for no
> password) is better, since with the current setup i have to make sure the
> user that will send the mail (which should be static, as they will be
> automatically sent by the helpdesk) has a password that either doesn't
> change or keep the password updated in the hash.
Key management is a bear. Since by day I'm in the Kerberos
infrastructure game, I tend to use Kerberos credentials, with a
bunch of tooling around automated provisioning of Kerberos tickets
and service keytabs. Without a key management infrastructure,
you're basically stuck hand managing passwords, or more complicated
things are functionally equivalent to passwords.
So long as an unuathenticated entry point exists and provides
similar performance, there is indeed not much point in using
the authenticated entry point, except for educational value.
You may not have the choice at some time in the future.
--
Viktor.
