webmail and GSSAPI authentication to imapd
Simon Wilkinson
simon at sxw.org.uk
Thu Apr 20 06:33:09 EDT 2006
ph.softnet at gmail.com wrote:
> So i suppose there is not any well know way to do this.I am willing to
> setup pubcookie or cosign but i first want to make sure there is a way
> to modify a webmail system to use the web sso.This seems to me to be
> the difficult part after all.
You can certainly setup IMP (part of Horde) to use Cosign and/or KX509
for authentication. You need to do a few code patches in order to do so,
however. From memory, you need to:
* Patch your PHP imap plugin so that it will use the GSSAPI mechanism
* Patch IMP so that it will respect the contents of the REMOTE_USER
variable, and pass these on to the server
Together with either the cosign or kct Apache modules you should then be
able to seemless authentication to the server.
We've also got patches to intergrate kx509 and Mailman, so that local
users can use web sso to check and administer mailing lists.
Let me know (off list) if you're interested in any of this code.
Cheers,
Simon
More information about the Kerberos
mailing list