...
Numberedheadings | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
OverviewModern versions of Microsoft Exchange are generally compatible with Moonshot. Since Exchange is integrated with the Windows SSPI, then it requires the Moonshot SSP in order to take advantage of a Moonshot-enabled environment. CompatibilityKeyIn the tables below, the following icons have the following meanings:
Compatibility ListNote that accessing supported versions of this software requires a Moonshot-compatible client - see the next section for details on which clients are supported. Any versions not listed below have not yet been tested. If you do so, please let us know!
Installation InstructionsThis software does not require any special installation instructions - install it as you normally would. Configuration InstructionsConfigure MoonshotDue to a bug in Microsoft Exchange, all versions currently require you to set the "Use Kerberos RPC ID" configuration option on the Moonshot SSP (see the Configure Microsoft ExchangeNo specific configuration is necessary within Microsoft Exchange itself, other than how you map external users to Exchange mailboxes; see below. Client CompatibilityThe following clients are known to work with this server software using Moonshot authentication (click on the link to see further information about enabling Moonshot in that client): Next StepsOnce you have installed the software, what happens next? Account MappingAn Exchange mailbox will need to be created in Exchange as per usual, with a corresponding Active Directory (AD) user account. To map from an incoming Moonshot-provided identity to an AD account (and therefore its mailbox), you need to edit that account's attribute called "AltSecurityIdentities". Add a value of "EAP:[NAI]" to map an incoming user to that particular account. If the user had an NAI of "johnsmith@example.com", and you wanted them to be able to authenticate to an Exchange mailbox connected to the "EGDOMAIN\johns" AD account, on that johns AD account's AltSecurity Identities you would add a value of "EAP:johnsmith@example.com". |