[horde] Horde Imp CAS Authentication

LALOT Dominique dom.lalot at gmail.com
Thu Nov 3 15:06:27 UTC 2011


2011/11/3 Laura McCord <mccordl at southwestern.edu>

> Xavier,
>
> Thanks for the reply. I set the parameter to be blank and I bypassed the
> error message. I haven't configured our imap mail server yet. I was
> planning on installing the pam_cas module. Right now, I am figuring the
> reason why I am getting the too many redirects error is because it's trying
> to get a response from the imap server but since I don't have the pam_cas
> module installed it keeps trying to validate but it's getting no response.
> Hopefully I can get that module installed soon.
>
> Thanks,
>  Laura


Don't forget then to cache the credential on the imap server if you don't
want to ask for a proxy ticket each time you click on a mail.

Dom


>
> On 11/2/11 12:37 PM, Xavier Montagutelli wrote:
>
>> Hi Laura,
>>
>> On Thursday 27 October 2011 19:54:07 Laura McCord wrote:
>>
>>
>>> Xavier,
>>>
>>> I have a question about the conf.php file. I am stuck on the SSL CA
>>> Cert. Do I put the path of my horde server .crt file or do I put in the
>>> path to my CAS server certificates?  And if it's the cas server does
>>> that mean the path to cacerts?
>>>
>>> I received the following error:
>>>
>>> "could not open URL .... (CURL error #77: Problem with the SSL CA cert
>>> (path? access rights?)) [Client.php:2595]"
>>>
>>>
>> (I was on vacation the past days)
>>
>> $conf['auth']['params']['cas_**cacert'] indicates the path, local to
>> your horde
>> server, to a file containing the certificate of the CA having issued the
>> certificate of the CAS server. Or the certificate of the root authority if
>> intermediate CA are in the chain.
>>
>> i.e. if the certificate of your CAS server is ultimately signed by "GTE
>> CyberTrust Global root", you should be able to indicate
>> "/etc/ssl/certs/GTE_**CyberTrust_Global_Root.pem" if you are under
>> Debian.
>>
>> This parameter is directly passed to the phpCAS library
>> (phpCAS::setCasServerCACert). I suppose the file can be a bundle of known
>> certificates.
>>
>> In practice, you can also try to put the complete chain (AC 1 ->  AC 2 ->
>>  root
>> AC) in the file, if intermediate authorities are involved.
>>
>> If you have problems with it, in a step by step approach, you can also
>> leave
>> it blank : no verification of the CAS server certificate will be made.
>>
>> HTH,
>>
>>
>>
>>> Thanks,
>>>   Laura
>>>
>>> On 10/26/11 6:50 AM, Xavier Montagutelli wrote:
>>>
>>>
>>>> On Tuesday 25 October 2011 12:03:58 Maciej Uhlig wrote:
>>>>
>>>>
>>>>> W dniu 2011-10-25 10:48, Jan Schneider pisze:
>>>>>
>>>>>
>>>>>> Zitat von Laura McCord<mccordl at southwestern.**edu<mccordl at southwestern.edu>
>>>>>> >:
>>>>>>
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I am trying to perform Horde WebMail authentication using CAS. I was
>>>>>>> wondering if this documentation is still relevant  that is found here
>>>>>>> (Horde 3):
>>>>>>> http://wiki.horde.org/**CASAuthHowTo<http://wiki.horde.org/CASAuthHowTo>
>>>>>>> http://www.esup-portail.org/**display/PROJHORDE/**
>>>>>>> Installation+de+Horde-we<http://www.esup-portail.org/display/PROJHORDE/Installation+de+Horde-we>
>>>>>>> bm ail
>>>>>>>
>>>>>>>
>>>>>> Not for Horde 4.
>>>>>>
>>>>>>
>>>>> As far as I can see the second link above points to installation with
>>>>> Horde 4 information too.
>>>>>
>>>>> MU
>>>>>
>>>>>
>>>> We have developed a new driver to authenticate users against a CAS
>>>> server. The driver is still in a "rough" shape, but it is useable. I am
>>>> afraid I can't afford spending more time on this project right now, I
>>>> hope it will be enough for you.
>>>>
>>>> The documentation is in english if you retrieve the whole SVN project
>>>> http://subversion.cru.fr/esup-**horde/trunk<http://subversion.cru.fr/esup-horde/trunk>
>>>>
>>>> Feel free to post on this list or directly to me if you need help.
>>>>
>>>> HTH,
>>>>
>>>>
>>>
>>
>
> --
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.**org<horde-unsubscribe at lists.horde.org>
>



-- 
Dominique LALOT
Ingénieur Systèmes et Réseaux
http://annuaire.univmed.fr/showuser.php?uid=lalot


More information about the horde mailing list