[cvs] [Wiki] changed: CASAuthHowTo
Wiki Guest
wikiguest at horde.org
Wed Sep 27 04:06:17 PDT 2006
guest [134.58.253.113] Wed, 27 Sep 2006 04:06:17 -0700
Modified page: http://wiki.horde.org/CASAuthHowTo
New Revision: 2.5
Change log: credits update
@@ -5,9 +5,9 @@
Thanks go to the [http://www.ja-sig.org/products/cas/ Ja-Sig] and the [http://esup-portail.org/consortium/espace/SSO_1B/tech/cas/cas_install.html ESUP] people!!
[http://www.kuleuven.be/ Our university] is working towards a complete AAI (Authentication and Authorization Infrastructure) implementation. For web applications we are using the [http://shibboleth.internet2.edu/ Shibboleth architecture]. But as you can read in [ShibbolethAuthHowTo the Shibboleth Authentication HowTo], a big problem with AAI and webapplications is authentication on the backend (with Horde/IMP that would be the mailservers). What we needed was a way to prevent the password passing the webmail servers AND the mailservers.
-Enter CAS.
+Meet CAS: "Central Authentication System". It was originally developed by Yale and then adpoted by the JA-SIG group. The ESUP consortium is also actively developing in the CAS area.
We chose to use CAS (http://www.ja-sig.org/products/cas/index.html) as an authentication mechanism on top of Shibboleth. Because both Shibboleth and CAS do the initial authentication at the CAS server, users will see it as one integrated SSO system.
First we used the ESUP pam module (referenced [http://www.ja-sig.org/wiki/display/CAS/PAM+Module here]) to let our mailservers use the CAS server as a possible authentication service. Here's how the cas lines in our mailserver pam-config looks like:
More information about the cvs
mailing list