[imp] custom_login.php / auto-login to imp w/ Horde 3.0 / IMP 4.0 beta

Jan Schneider jan at horde.org
Thu Nov 4 12:36:36 PST 2004 

Zitat von Liam Hoekenga <liamr at umich.edu>:

> Our Horde / IMP install is behind our web SSO, CoSign (www.weblogin.org).
> With Horde 2.x / IMP 3.x, once users have logged into the SSO, our webmail
> servers are able to obtain kerberos credentials for the users, and using a
> hacked version of imp/redirect.php, they're able to get into IMP w/o
> having to sign in a second time.
>
> We'd like to replicate this behavior w/ Horde 3.0 / IMP 4.0.  I've tried
> altering a copy of redirect.php, and it works for Apple's Safari browser,
> but all other browsers get caught in a "you have exceeded the number of
> redirects..." error message.  (The entries in the apache weblog seems to
> show one request w/ a bunch of unique horde session identifiers).

You probably rather want a transparent authentication driver and hordeauth
in IMP, just like you described below.

> I've thought about using imp/scripts/custom_login.php.  I'm just starting
> by trying to get it to work at all (I've edited the HORDE_BASE, and put it
> a level up w/ a new name), but I'm having some problems.  I'd expect that
> were I to go to /horde/imp/custom_login.php that I'd get presented that
> form, but that's not the case.
> - with safari, i get the IMP login screen, and after I log in, I get
>    presented the custom login form described in custom_login.php
> - with all other browsers, I get the IMP login screen, and after login I
>    get put into IMP
>
> I've also thought about using the hordeauth setting in IMP's
> config/servers.php, but I've not get that working either.  CoSign sets
> $_SERVER[ 'REMOTE_USER' ].  So, I've tried using the Horde "auto"
> mechanism, with an entry like this in conf.php.
>
>      $conf['auth']['params']['username'] = $_SERVER[ 'REMOTE_USER' ];
>
> This lets me in to horde as the right person, but IMP gets stuck in an
> endless login loop.
>
> I've modified a copy of the Horde "http" auth mechanism, replacing
> PHP_AUTH_USER and PHP_AUTH_PASS w/ REMOTE_USER (since we don't need a
> real password).  None of the tatics have worked.
>
> Anyone have suggestions?  Basically, I just want to trust the user has
> already authenticated, and let them into IMP w/o presenting a second login
> screen, providing the real username and some bogus password if either /
> both are needed.

How does authenticating agains the imap server work? With the kerberos user
from REMOTE_USER and an empty/any password? IMP with hordauth needs a
password if I'm not wrong, so you have to provide some.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/

More information about the imp mailing list