[horde] Horde Imp CAS Authentication

Laura McCord mccordl at southwestern.edu
Thu Nov 3 14:29:09 UTC 2011


Xavier,

Thanks for the reply. I set the parameter to be blank and I bypassed the 
error message. I haven't configured our imap mail server yet. I was 
planning on installing the pam_cas module. Right now, I am figuring the 
reason why I am getting the too many redirects error is because it's 
trying to get a response from the imap server but since I don't have the 
pam_cas module installed it keeps trying to validate but it's getting no 
response. Hopefully I can get that module installed soon.

Thanks,
  Laura


On 11/2/11 12:37 PM, Xavier Montagutelli wrote:
> Hi Laura,
>
> On Thursday 27 October 2011 19:54:07 Laura McCord wrote:
>    
>> Xavier,
>>
>> I have a question about the conf.php file. I am stuck on the SSL CA
>> Cert. Do I put the path of my horde server .crt file or do I put in the
>> path to my CAS server certificates?  And if it's the cas server does
>> that mean the path to cacerts?
>>
>> I received the following error:
>>
>> "could not open URL .... (CURL error #77: Problem with the SSL CA cert
>> (path? access rights?)) [Client.php:2595]"
>>      
> (I was on vacation the past days)
>
> $conf['auth']['params']['cas_cacert'] indicates the path, local to your horde
> server, to a file containing the certificate of the CA having issued the
> certificate of the CAS server. Or the certificate of the root authority if
> intermediate CA are in the chain.
>
> i.e. if the certificate of your CAS server is ultimately signed by "GTE
> CyberTrust Global root", you should be able to indicate
> "/etc/ssl/certs/GTE_CyberTrust_Global_Root.pem" if you are under Debian.
>
> This parameter is directly passed to the phpCAS library
> (phpCAS::setCasServerCACert). I suppose the file can be a bundle of known
> certificates.
>
> In practice, you can also try to put the complete chain (AC 1 ->  AC 2 ->  root
> AC) in the file, if intermediate authorities are involved.
>
> If you have problems with it, in a step by step approach, you can also leave
> it blank : no verification of the CAS server certificate will be made.
>
> HTH,
>
>    
>> Thanks,
>>    Laura
>>
>> On 10/26/11 6:50 AM, Xavier Montagutelli wrote:
>>      
>>> On Tuesday 25 October 2011 12:03:58 Maciej Uhlig wrote:
>>>        
>>>> W dniu 2011-10-25 10:48, Jan Schneider pisze:
>>>>          
>>>>> Zitat von Laura McCord<mccordl at southwestern.edu>:
>>>>>            
>>>>>> Hi,
>>>>>>
>>>>>> I am trying to perform Horde WebMail authentication using CAS. I was
>>>>>> wondering if this documentation is still relevant  that is found here
>>>>>> (Horde 3):
>>>>>> http://wiki.horde.org/CASAuthHowTo
>>>>>> http://www.esup-portail.org/display/PROJHORDE/Installation+de+Horde-we
>>>>>> bm ail
>>>>>>              
>>>>> Not for Horde 4.
>>>>>            
>>>> As far as I can see the second link above points to installation with
>>>> Horde 4 information too.
>>>>
>>>> MU
>>>>          
>>> We have developed a new driver to authenticate users against a CAS
>>> server. The driver is still in a "rough" shape, but it is useable. I am
>>> afraid I can't afford spending more time on this project right now, I
>>> hope it will be enough for you.
>>>
>>> The documentation is in english if you retrieve the whole SVN project
>>> http://subversion.cru.fr/esup-horde/trunk
>>>
>>> Feel free to post on this list or directly to me if you need help.
>>>
>>> HTH,
>>>        
>    



More information about the horde mailing list