4.16. Securing IMAP with Kerberos
Problem
You want to take advantage of your MIT Kerberos-5 infrastructure for authentication to your mail server.
Solution
Use a mail client that supports GSSAPI Kerberos authentication via the IMAP AUTHENTICATE command, such as mutt or pine.
If you have set up an IMAP server using imapd, and a Kerberos realm [Recipe 4.11], then most of the work is done: the Red Hat imapd comes with Kerberos support already built in and enabled. All that remains is to add Kerberos principals for the mail service on the server host.
If your username is homer and the mail server is marge, then:
marge# kadmin -p homer/admin
Authenticating as principal homer/admin@DOGOOD.ORG with password.
Enter password: ********
kadmin: ank -randkey -policy hosts imap/marge.dogood.org
Principal "imap/marge.dogood.org@DOGOOD.ORG" created.
kadmin: ktadd -k /etc/krb5.keytab imap/marge.dogood.org
Entry for principal imap/marge.dogood.org@DOGOOD.ORG with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
kadmin: quit
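A GSSAPI client derives the service principal it asks the KDC for from the server's canonical host name, so the common failure after this step is a keytab entry whose name does not match what clients will request. The following script is an added example, not part of the recipe or the imapd distribution: it builds the expected principal name from a host and realm and checks a `klist -k` style listing for it. The sample listing is constructed for illustration; the realm DOGOOD.ORG and host marge.dogood.org are the recipe's own values.

```shell
#!/bin/sh
# Added example: confirm the IMAP service principal for this host is in the keytab.

# Expected principal for an IMAP server: imap/<canonical FQDN>@<REALM>.
imap_principal() {
    # $1 = fully qualified host name, $2 = Kerberos realm
    printf 'imap/%s@%s\n' "$1" "$2"
}

# Read a `klist -k` listing ("KVNO Principal" lines) on stdin.
# Exit 0 if the wanted principal appears, 1 otherwise.
keytab_has_principal() {
    wanted="$1"
    awk -v p="$wanted" '$2 == p { found = 1 } END { exit(found ? 0 : 1) }'
}

# Constructed sample of `klist -k /etc/krb5.keytab` output (not captured from a real host).
SAMPLE_KEYTAB_LISTING='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/marge.dogood.org@DOGOOD.ORG
   3 imap/marge.dogood.org@DOGOOD.ORG'

# Run the check against the constructed sample for marge in DOGOOD.ORG.
check_sample() {
    p=$(imap_principal marge.dogood.org DOGOOD.ORG)
    printf '%s\n' "$SAMPLE_KEYTAB_LISTING" | keytab_has_principal "$p"
}

# On the real server (assumes MIT klist is installed and hostname -f gives the FQDN):
#   klist -k /etc/krb5.keytab | keytab_has_principal "$(imap_principal "$(hostname -f)" DOGOOD.ORG)"
```

If the check fails, compare the name `hostname -f` reports with the name used in `kadmin`; a short name, an alias, or a different DNS canonical name on the client side all produce a principal the keytab does not hold, and the AUTHENTICATE GSSAPI exchange then fails even though the ticket cache is fine.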
Now on any host in the Kerberos realm, your compatible mail client should automatically use your Kerberos credentials, if available:
$ kinit
Password for pat@DOGOOD.ORG: ********
$ klist
Ticket cache: FILE:/tmp/krb5cc_503
Default principal: pat@DOGOOD.ORG
Valid starting Expires Service principal
03/05/03 03:48:35 03/05/03 13:48:35 krbtgt/DOGOOD.ORG@DOGOOD.ORG
Then connect with your mail client, such as mutt: [Recipe 8.12]
$ MAIL=imap://pat@marge.dogood.org/ ...