[cvs] [Wiki] changed: CASAuthHowTo

Wiki Guest wikiguest at horde.org
Thu Oct 9 12:32:07 UTC 2008


guest [193.190.224.1]  Thu, 09 Oct 2008 08:32:07 -0400

Modified page: http://wiki.horde.org/CASAuthHowTo
New Revision:  2.17
Change log:  [velpi] updated for phpCAS 0.6, phpCAS 1.0 non-functional yet

@@ -16,8 +16,19 @@
  <code>
   imap    auth    sufficient      /usr/lib/security/pam_cas.so  
-simap://127.0.0.1 -f/etc/pam_cas.conf
   imap    auth    sufficient      /usr/lib/security/pam_ldap.so try_first_pass
  </code>
+
+For a Debian+Dovecot-and-ldap machine the entire file could look like  
(/etc/pam.d/dovecot):
+[20081009 Added by Velpi]
+<code>
+auth    sufficient      /lib/security/pam_cas.so -simap://127.0.0.1  
-f/etc/pam_cas.conf
+auth    sufficient      pam_ldap.so config=/etc/pam_ldap.conf
+account required        pam_ldap.so config=/etc/pam_ldap.conf
+session required        pam_ldap.so config=/etc/pam_ldap.conf
+</code>
+
+

  {{/etc/pam_cas.conf:}}

  <code>
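Review bot: In the added /etc/pam.d/dovecot example, the pam_ldap auth line drops the try_first_pass option that the existing imap line above it carries, and pam_cas.so is loaded from /lib/security/ instead of /usr/lib/security/. If both differences are intentional for Debian, say so in the intro sentence; otherwise keep the options aligned with the first example so a reader copying the file gets the same settings. The "[20081009 Added by Velpi]" marker also sits between "(/etc/pam.d/dovecot):" and the code block it introduces; moving it before the sentence keeps the file name next to the file contents.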
@@ -50,8 +61,12 @@
  Tested succesfully using standard horde release packages [20060620]
  * Horde 3.1.1
  * IMP 4.1.2
  * phpCAS 0.4.22-RC with patches (see below)
+Tested succesfully using standard horde release packages [20081009]
+* Horde 3.1.3
+* IMP 4.1.3
+* phpCAS 0.6.0


  First, install a basic horde system
  Configure it to use IMAP auth for horde-auth
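Review bot: The added "Tested succesfully ..." heading repeats the misspelling of "successfully" from the 20060620 entry, and it follows the "phpCAS 0.4.22-RC" bullet with no blank line, so the two tested configurations run together. Separate the 20081009 list with a blank line and fix the spelling in both headings. The older entry states that phpCAS was used "with patches"; the new one should say whether phpCAS 0.6.0 was used unpatched.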
@@ -83,21 +98,24 @@
  2) install phpCAS library in horde
  phpCAS uses domxml for php4.3, php5 means phpCAS will use a  
conversion class automatically. The Auth driver for Horde checks  
whether all necessary components are installed.
  K.U.Leuven's Horde-CAS authentication driver is patched to use PHP5.  
This means the check for domxml is commented out.

-/* OLD INFORMATION (in the new version the two bugs are fixed):
-download the phpCAS library from http://esup-phpcas.sourceforge.net/
-we used v 0.4.22-RC and fixed these two bugs:
-https://sourceforge.net/tracker/index.php?func=detail&aid=1514416&group_id=88445&atid=586706
-https://sourceforge.net/tracker/index.php?func=detail&aid=1514402&group_id=88445&atid=586706
-*/
  phpCAS has become a JA-SIG project, see:
  http://www.ja-sig.org/wiki/display/CASC/phpCAS
  (extract the package and)
  [change the path to your horde/php lib dir accordingly]
+phpCAS 0.6 and lower:
+<code>
  mkdir $HORDE_DIR/lib/CAS/
-cp -r source/CAS/* $HORDE_DIR/lib/CAS/
-
+cp -r $PHPCAS_SOURCE_DIR/CAS/* $HORDE_DIR/lib/CAS/
+</code>
+phpCAS 1.0 and higher (DOES NOT WORK: K.U.Leuven driver needs  
adjustments!! To be continued...; 20081009):
+<code>
+mkdir $HORDE_DIR/lib/CAS/
+cp -r $PHPCAS_SOURCE_DIR/CAS.php $HORDE_DIR/lib/CAS/
+mkdir $HORDE_DIR/lib/CAS/CAS/
+cp -r $PHPCAS_SOURCE_DIR/CAS/* $HORDE_DIR/lib/CAS/CAS/
+</code>

  3) install horde driver and proxyticketReceptor script for phpCAS
  K.U.Leuven made these two files public available with some modifications.
  You can download them from  
http://shib.kuleuven.be/docs/horde3-cas/horde_cas_auth_driver/
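Review bot: The "phpCAS 1.0 and higher" block is laid out as copy-and-paste install steps even though its own heading says it does not work with the K.U.Leuven driver, so a reader skimming the code blocks can end up with a broken install. Replace the commands with a one-line note until the driver is adjusted, or put the warning on its own line directly above the <code> block. In the commands themselves, "cp -r $PHPCAS_SOURCE_DIR/CAS.php" does not need -r for a single file, $PHPCAS_SOURCE_DIR is not defined anywhere on the visible lines (the removed line used source/), and the unquoted variables break on paths containing spaces.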
@@ -387,17 +405,8 @@



  --INSTALL COMPLETED--
-
-
-Now it's time for debugging fun!
-try checking your email and keep an eye on these files:
-* at horde server: logfile of CAS that you specified (needs to be  
writable by user that runs PHP/horde), possibly apache on SSL errors
-* you might want to check imapproxy logs (also see "pimpstat")
-* at IMAP: /var/log/auth.log and /var/log/syslog
-</code>
-


  *) contributed by Maja Gorecka-Wolniewicz, Uczelniane Centrum Informatyczne:
  When a IMAP server is using non-standard port the CAS auth driver keeps
@@ -413,4 +422,19 @@

  <code>
  if ( $servers[$server]['port'] != 143 ) $this->_imapService  
.=":".$servers[$server]['port'];
  </code>
+
+
+Now it's time for debugging fun!
+try checking your email and keep an eye on these files:
+* at horde server: logfile of CAS that you specified (needs to be  
writable by user that runs PHP/horde), possibly apache on SSL errors
+* you might want to check imapproxy logs (also see "pimpstat")
+* at IMAP: /var/log/auth.log and /var/log/syslog
+
+DEBUG HINTS:
+* HORDE: see /tmp/hordeaai-cas.log (when debug=true and configured  
like in this document)
+  => if contains "domxml_open_mem failed": the response from CAS  
server is not XML: use your browser to go to the URL that phpCAS shows  
in the logs right above the error
+* IMAP proxy: see /var/log/mail.log
+* IMAP server: see /var/log/auth
+* CAS server: see $TOMCAT/logs/cas3-server.log
+
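Review bot: The DEBUG HINTS list points readers at /tmp/hordeaai-cas.log, a fixed file name in a shared temporary directory, and the following hint says that log contains the URLs phpCAS requests from the CAS server. Add a sentence telling readers to set debug back to false once troubleshooting is done and to prefer a log path that only the PHP/horde user can read and write. The two lists also disagree on the IMAP server log: "/var/log/auth.log and /var/log/syslog" in the first list, "/var/log/auth" in the hints; pick one.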

