[imp] Single Sign On + Kerberos

[Harakiri]

AFAIK kerberos sets the REMOTE_USER env - so we would
have at least a username - if we would disable IMAP
authenticate and make sure its impossible to fake the
REMOTE_USER - imp/courier should be able to handle it
?


--- Jan Schneider <jan at horde.org> wrote:

> Zitat von Harakiri <harakiri_23 at yahoo.com>:
> 
> > Hello,
> >
> > i know that Horde has Kerberos Auth support.
> However
> > does this also apply for Single Sign On ?
> >
> > What i want to achieve is, that users of IMP can
> > access their webmail without entering a
> > username/password.
> >
> > IE and Firefox have Kerberos Auth - so lets say my
> > users are in a Windows Domain - they authenticate
> only
> > once when logging into Windows.
> >
> > Now when they open their IE and goto the IMP
> webmail
> > they should not need to login again.
> >
> > As far as i know Kerberos Auth only issues tickets
> and
> > then the Windows Server for example authenticates
> this
> > ticket - however how can/should IMP know the
> username
> > of the user to access the courier backend where
> the
> > messages for the web user are stored ?
> >
> > One way would be to use mod_auth_kerb for apache,
> > however the problem remains how IMP/Any
> application
> > can figure out at least the Username - and
> sometimes
> > the password (probably impossible)
> 
> Correct, this is not possible. At least I don't know
> any IMAP server  
> that supports such an authentication, let alone the
> PHP imap extension.
> 
> Jan.
> 
> -- 
> Do you need professional PHP or Horde consulting?
> http://horde.org/consulting/
> 
> -- 
> IMP mailing list - Join the hunt:
> http://horde.org/bounties/#imp
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail:
> imp-unsubscribe at lists.horde.org
> 



 
____________________________________________________________________________________
Bored stiff? Loosen up... 
Download and play hundreds of games for free on Yahoo! Games.
http://games.yahoo.com/games/front