[cvs] [Wiki] changed: CASAuthHowTo

Wiki Guest wikiguest at horde.org
Mon Jul 23 18:58:08 UTC 2007


guest [80.200.81.157]  Mon, 23 Jul 2007 11:58:08 -0700

Modified page: http://wiki.horde.org/CASAuthHowTo
New Revision:  2.7
Change log:  added comment by Maja Gorecka-Wolniewicz

@@ -11,14 +11,16 @@
 We chose to use CAS (http://www.ja-sig.org/products/cas/index.html) as an
authentication mechanism on top of Shibboleth. Because both Shibboleth and
CAS do the initial authentication at the CAS server, users will see it as
one integrated SSO system. Specific information about our implementation of
CAS and Horde can be found at http://shib.kuleuven.be/docs/horde3-cas/

 First we used the ESUP pam module (referenced
[http://www.ja-sig.org/wiki/display/CAS/PAM+Module here]) to let our
mailservers use the CAS server as a possible authentication service. Here's
how the cas lines in our mailserver pam-config looks like:
 {{/etc/pam.conf:}}
-<code> imap    auth    sufficient      /usr/lib/security/pam_cas.so
-simap://127.0.0.1 -f/etc/pam_cas.conf
+<code>
+ imap    auth    sufficient      /usr/lib/security/pam_cas.so
-simap://127.0.0.1 -f/etc/pam_cas.conf
  imap    auth    sufficient      /usr/lib/security/pam_ldap.so
try_first_pass
 </code>
-{{/etc/pam_cas.conf:}}

-<code> host cas.example.com
+{{/etc/pam_cas.conf:}}
+<code>
+ host cas.example.com
  port 80
  uriValidate /cas/proxyValidate
  ssl off
  debug off
@@ -381,5 +383,20 @@
 try checking your email and keep an eye on these files:
 * at horde server: logfile of CAS that you specified (needs to be writable
by user that runs PHP/horde), possibly apache on SSL errors
 * you might want to check imapproxy logs (also see "pimpstat")
 * at IMAP: /var/log/auth.log and /var/log/syslog
+</code>
+
+
+
+*) contributed by Maja Gorecka-Wolniewicz, Uczelniane Centrum
Informatyczne:
+When a IMAP server is using non-standard port the CAS auth driver keeps
+asking for ticket for service imap://name while the ticket for
+imap://name:port is needed.
+I've added in function __getIMPVars() after
+<code>
+ $this->_imapService = $p."://".$servers[$server]['server'];
+</code>
+the code
+<code>
+if ( $servers[$server]['port'] != 143 ) $this->_imapService
.=":".$servers[$server]['port'];
 </code>


More information about the cvs mailing list