[imp] IMP and External Single Sign On systems

Jethro R Binks jethro.binks@strath.ac.uk
Fri, 19 Jul 2002 10:34:56 +0100 (BST)

Previous message: [imp] IMP and External Single Sign On systems
Next message: FW: [imp] Client Browser Issues?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 18 Jul 2002, Duane Currie wrote:

> Does anyone have any experience with integrating IMP with any external
> authentication systems?
[...]
> That's two of our cleaner thoughts, but I'm open to any suggestions.  So,
> before we go ahead with
> this, I was wondering if anyone has already worked on or is working on this,
> or if there was any
> suggestions anyone has.

Sort of.

I'm almost there having our IMAP server (Courier IMAP) do authentication
against an LDAP backend, and the LDAP backend uses the --enable-kpasswd
feature to check the password against our Active Directory (userPassword
is set to the magic '{KERBEROS}principal@REALM').

For other (traditionally Unix-based) systems, intending to do
authentication via a RADIUS server which uses Kerberos to authenticate
against AD again.

It's not really Single Sign On.  I call it Same Sign On, which is a term I
picked up from somewhere.

Jethro.

!! Following paternity leave, I'm still only here occasionally.
!! Please expect delays of up to several days between emails.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks                                   Computing Officer, IT Services
Mailmaster, Listmaster, Webmaster,       University Of Strathclyde, Glasgow, UK
Cachemaster                                           jethro.binks@strath.ac.uk

Previous message: [imp] IMP and External Single Sign On systems
Next message: FW: [imp] Client Browser Issues?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]