webmail and GSSAPI authentication to imapd
ph.softnet@gmail.com
ph.softnet at gmail.com
Thu Apr 20 09:05:11 EDT 2006
=CE=9F/=CE=97 Simon Wilkinson =CE=AD=CE=B3=CF=81=CE=B1=CF=88=CE=B5:
> ph.softnet at gmail.com wrote:
> > So i suppose there is not any well know way to do this.I am willing to
> > setup pubcookie or cosign but i first want to make sure there is a way
> > to modify a webmail system to use the web sso.This seems to me to be
> > the difficult part after all.
>
> You can certainly setup IMP (part of Horde) to use Cosign and/or KX509
> for authentication. You need to do a few code patches in order to do so,
> however. From memory, you need to:
> * Patch your PHP imap plugin so that it will use the GSSAPI mechanism
That's exactly what i want to do, but have not clue how to
do..Specifically, i need
to patch the PEAR::Auth_SASL, wich already supports CRAM-MD5, LOGIN,
etc.. but not GSSAPI (duh!).Are there any patches already available?
> * Patch IMP so that it will respect the contents of the REMOTE_USER
> variable, and pass these on to the server
>
> Together with either the cosign or kct Apache modules you should then be
> able to seemless authentication to the server.
>
> We've also got patches to intergrate kx509 and Mailman, so that local
> users can use web sso to check and administer mailing lists.
>
Yes off course i am interested!
> Let me know (off list) if you're interested in any of this code.
>
> Cheers,
>
> Simon
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list