[commits] [Wiki] changed: CASAuthHowTo

Wiki Guest wikiguest at horde.org
Mon Oct 28 04:46:39 UTC 2013


guest [182.253.49.46]  Mon, 28 Oct 2013 04:46:39 +0000

Modified page: http://wiki.horde.org/CASAuthHowTo
New Revision:  27
Change log:  minor

@@ -6,8 +6,9 @@

  [http://www.kuleuven.be/ Our university] is working towards a  
complete AAI (Authentication and Authorization Infrastructure)  
implementation. For web applications we are using the  
[http://shibboleth.internet2.edu/ Shibboleth architecture]. But as you  
can read in [ShibbolethAuthHowTo the Shibboleth Authentication HowTo],  
  a big problem with AAI and webapplications is authentication on the  
backend (with Horde/IMP that would be the mailservers). What we needed  
was a way to prevent the password passing the webmail servers AND the  
mailservers.

  Meet CAS: "Central Authentication System". It was originally  
developed by Yale and then adopted by the JA-SIG group. The ESUP  
consortium is also actively developing in the CAS area.
+[http://vamostech.com/gps-tracking GPS Tracking Mobil],  
[http://vamostech.com/gps-tracking GPS Tracker Motor],  
[http://www.propertykita.com/rumah.html Rumah Dijual di Jakarta],  
[http://www.propertykita.com/rumah.html Rumah Dijual di Bandung]

  We chose to use CAS (http://www.ja-sig.org/products/cas/index.html)  
as an authentication mechanism on top of Shibboleth. Because both  
Shibboleth and CAS do the initial authentication at the CAS server,  
users will see it as one integrated SSO system. Specific information  
about our implementation of CAS and Horde can be found at  
http://shib.kuleuven.be/docs/horde3-cas/

  First we used the ESUP pam module (referenced  
[http://www.ja-sig.org/wiki/display/CAS/PAM+Module here]) to let our  
mailservers use the CAS server as a possible authentication service.  
Here's how the cas lines in our mailserver pam-config looks like:



More information about the commits mailing list