[commits] [Wiki] changed: CASAuthHowTo
Wiki Guest
wikiguest at horde.org
Thu Oct 31 02:37:04 UTC 2013
guest [182.253.50.153] Thu, 31 Oct 2013 02:37:04 +0000
Modified page: http://wiki.horde.org/CASAuthHowTo
New Revision: 27
Change log: minor
@@ -6,8 +6,9 @@
[http://www.kuleuven.be/ Our university] is working towards a
complete AAI (Authentication and Authorization Infrastructure)
implementation. For web applications we are using the
[http://shibboleth.internet2.edu/ Shibboleth architecture]. But as you
can read in [ShibbolethAuthHowTo the Shibboleth Authentication HowTo],
a big problem with AAI and webapplications is authentication on the
backend (with Horde/IMP that would be the mailservers). What we needed
was a way to prevent the password passing the webmail servers AND the
mailservers.
Meet CAS: "Central Authentication System". It was originally
developed by Yale and then adopted by the JA-SIG group. The ESUP
consortium is also actively developing in the CAS area.
+[http://vamostech.com/gps-tracking GPS Tracking Mobil],
[http://vamostech.com/gps-tracking GPS Tracker Motor],
[http://www.propertykita.com/rumah.html Rumah Dijual di Jakarta],
[http://www.propertykita.com/rumah.html Rumah Dijual di Bandung]
We chose to use CAS (http://www.ja-sig.org/products/cas/index.html)
as an authentication mechanism on top of Shibboleth. Because both
Shibboleth and CAS do the initial authentication at the CAS server,
users will see it as one integrated SSO system. Specific information
about our implementation of CAS and Horde can be found at
http://shib.kuleuven.be/docs/horde3-cas/
First we used the ESUP pam module (referenced
[http://www.ja-sig.org/wiki/display/CAS/PAM+Module here]) to let our
mailservers use the CAS server as a possible authentication service.
Here's how the cas lines in our mailserver pam-config looks like:
More information about the commits
mailing list