[cvs] [Wiki] changed: CASAuthHowTo

Chuck Hagenbuch chuck at horde.org
Tue Sep 23 16:36:06 UTC 2008 

chuck  Tue, 23 Sep 2008 12:36:06 -0400

Modified page: http://wiki.horde.org/CASAuthHowTo
New Revision:  2.15
Change log:  spelling; try to filter for bad unicode?

@@ -5,9 +5,9 @@
    Thanks go to the [http://www.ja-sig.org/products/cas/ Ja-Sig] and  
the  
[http://esup-portail.org/consortium/espace/SSO_1B/tech/cas/cas_install.html  
ESUP] people!!

  [http://www.kuleuven.be/ Our university] is working towards a  
complete AAI (Authentication and Authorization Infrastructure)  
implementation. For web applications we are using the  
[http://shibboleth.internet2.edu/ Shibboleth architecture]. But as you  
can read in [ShibbolethAuthHowTo the Shibboleth Authentication HowTo],  
  a big problem with AAI and webapplications is authentication on the  
backend (with Horde/IMP that would be the mailservers). What we needed  
was a way to prevent the password passing the webmail servers AND the  
mailservers.

-Meet CAS: "Central Authentication System". It was originally  
developed by Yale and then adpoted by the JA-SIG group. The ESUP  
consortium is also actively developing in the CAS area.
+Meet CAS: "Central Authentication System". It was originally  
developed by Yale and then adopted by the JA-SIG group. The ESUP  
consortium is also actively developing in the CAS area.

  We chose to use CAS (http://www.ja-sig.org/products/cas/index.html)  
as an authentication mechanism on top of Shibboleth. Because both  
Shibboleth and CAS do the initial authentication at the CAS server,  
users will see it as one integrated SSO system. Specific information  
about our implementation of CAS and Horde can be found at  
http://shib.kuleuven.be/docs/horde3-cas/

  First we used the ESUP pam module (referenced  
[http://www.ja-sig.org/wiki/display/CAS/PAM+Module here]) to let our  
mailservers use the CAS server as a possible authentication service.  
Here's how the cas lines in our mailserver pam-config looks like:
@@ -410,5 +410,4 @@

  <code>
  if ( $servers[$server]['port'] != 143 ) $this->_imapService  
.=":".$servers[$server]['port'];
  </code>
-

More information about the cvs mailing list