[horde] Horde Imp CAS Authentication

LALOT Dominique dom.lalot at gmail.com
Thu Nov 3 15:22:20 UTC 2011


2011/11/3 Laura McCord <mccordl at southwestern.edu>

> **
> Dom,
>
> Is that what imapproxy is used for? Or, is that something different?
>
>
No, once you give your password to the real imap server, the server should
keep an association between login and password and even passwords as you
can log in via CAS, or directly (thunderbird, outlook).
install saslauthd if you use cyrus imap or pam ccred. saslauthd is a little
bit buggy about managing its cache.
You can find a patch for it here:

http://www.esup-portail.org/display/PROJPAMCAS/03+-+patch+saslauthd

Dom

Laura
>
>
>
> On 11/3/11 10:06 AM, LALOT Dominique wrote:
>
>
>
> 2011/11/3 Laura McCord <mccordl at southwestern.edu>
>
>> Xavier,
>>
>> Thanks for the reply. I set the parameter to be blank and I bypassed the
>> error message. I haven't configured our imap mail server yet. I was
>> planning on installing the pam_cas module. Right now, I am figuring the
>> reason why I am getting the too many redirects error is because it's trying
>> to get a response from the imap server but since I don't have the pam_cas
>> module installed it keeps trying to validate but it's getting no response.
>> Hopefully I can get that module installed soon.
>>
>> Thanks,
>>  Laura
>
>
>  Don't forget then to cache the credential on the imap server if you
> don't want to ask for a proxy ticket each time you click on a mail.
>
> Dom
>
>
>>
>> On 11/2/11 12:37 PM, Xavier Montagutelli wrote:
>>
>>> Hi Laura,
>>>
>>> On Thursday 27 October 2011 19:54:07 Laura McCord wrote:
>>>
>>>
>>>> Xavier,
>>>>
>>>> I have a question about the conf.php file. I am stuck on the SSL CA
>>>> Cert. Do I put the path of my horde server .crt file or do I put in the
>>>> path to my CAS server certificates?  And if it's the cas server does
>>>> that mean the path to cacerts?
>>>>
>>>> I received the following error:
>>>>
>>>> "could not open URL .... (CURL error #77: Problem with the SSL CA cert
>>>> (path? access rights?)) [Client.php:2595]"
>>>>
>>>>
>>> (I was on vacation the past days)
>>>
>>> $conf['auth']['params']['cas_cacert'] indicates the path, local to your
>>> horde
>>> server, to a file containing the certificate of the CA having issued the
>>> certificate of the CAS server. Or the certificate of the root authority
>>> if
>>> intermediate CA are in the chain.
>>>
>>> i.e. if the certificate of your CAS server is ultimately signed by "GTE
>>> CyberTrust Global root", you should be able to indicate
>>> "/etc/ssl/certs/GTE_CyberTrust_Global_Root.pem" if you are under Debian.
>>>
>>> This parameter is directly passed to the phpCAS library
>>> (phpCAS::setCasServerCACert). I suppose the file can be a bundle of known
>>> certificates.
>>>
>>> In practice, you can also try to put the complete chain (AC 1 ->  AC 2
>>> ->  root
>>> AC) in the file, if intermediate authorities are involved.
>>>
>>> If you have problems with it, in a step by step approach, you can also
>>> leave
>>> it blank : no verification of the CAS server certificate will be made.
>>>
>>> HTH,
>>>
>>>
>>>
>>>> Thanks,
>>>>   Laura
>>>>
>>>> On 10/26/11 6:50 AM, Xavier Montagutelli wrote:
>>>>
>>>>
>>>>> On Tuesday 25 October 2011 12:03:58 Maciej Uhlig wrote:
>>>>>
>>>>>
>>>>>> W dniu 2011-10-25 10:48, Jan Schneider pisze:
>>>>>>
>>>>>>
>>>>>>> Zitat von Laura McCord<mccordl at southwestern.edu>:
>>>>>>>
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I am trying to perform Horde WebMail authentication using CAS. I was
>>>>>>>> wondering if this documentation is still relevant  that is found
>>>>>>>> here
>>>>>>>> (Horde 3):
>>>>>>>> http://wiki.horde.org/CASAuthHowTo
>>>>>>>>
>>>>>>>> http://www.esup-portail.org/display/PROJHORDE/Installation+de+Horde-we
>>>>>>>> bm ail
>>>>>>>>
>>>>>>>>
>>>>>>> Not for Horde 4.
>>>>>>>
>>>>>>>
>>>>>> As far as I can see the second link above points to installation with
>>>>>> Horde 4 information too.
>>>>>>
>>>>>> MU
>>>>>>
>>>>>>
>>>>> We have developed a new driver to authenticate users against a CAS
>>>>> server. The driver is still in a "rough" shape, but it is useable. I am
>>>>> afraid I can't afford spending more time on this project right now, I
>>>>> hope it will be enough for you.
>>>>>
>>>>> The documentation is in english if you retrieve the whole SVN project
>>>>> http://subversion.cru.fr/esup-horde/trunk
>>>>>
>>>>> Feel free to post on this list or directly to me if you need help.
>>>>>
>>>>> HTH,
>>>>>
>>>>>
>>>>
>>>
>>
>> --
>>   Horde mailing list
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>
>
>
>
>  --
> Dominique LALOT
> Ingénieur Systèmes et Réseaux
> http://annuaire.univmed.fr/showuser.php?uid=lalot
>
>
>


-- 
Dominique LALOT
Ingénieur Systèmes et Réseaux
http://annuaire.univmed.fr/showuser.php?uid=lalot


More information about the horde mailing list