[imp] Single Sign On + Kerberos

Liam Hoekenga liamr at deathstar.org
Fri Jul 6 12:27:31 UTC 2007


We're running Cyrus, which does support a passwordless mode.  We patched 
proxyd to support a "-N" flag, which makes it accept any password you 
give it.  I believe this patch was accepted back into the cyrus 
distribution..

Our webmail machines are part of the Cyrus murder, but unlike the other 
front ends, they only listen on the loopback interface - having an imap 
server that doesn't care what password you give it listening for 
connections on the internet is a crazy thing to do. 

Beyond that, you're still going to need to do something to set $_SERVER[ 
'REMOTE_USER'].  To my knowledge neither Heimdal nor MIT K5 comes with 
an apache module, so I'm not sure what you're talking about when you say 
that kerberos sets $_SERVER['REMOTE_USER]'.  You could use basic auth, 
or even mod_auth_kerb, but neither of those fits your stated need for an 
SSO.  We use Cosign (http://www.weblogin.org), tho, this kind of setup 
should work with CAS, pubcookie and shibboleth.

Liam

Harakiri wrote:
> Which IMAP Server is that ?
>
> Do you have any experiences with it ?
>
> Thanks
>
>
> --- Chuck Hagenbuch <chuck at horde.org> wrote:
>
>   
>> Quoting Harakiri <harakiri_23 at yahoo.com>:
>>
>>     
>>> AFAIK kerberos sets the REMOTE_USER env - so we
>>>       
>> would
>>     
>>> have at least a username - if we would disable
>>>       
>> IMAP
>>     
>>> authenticate and make sure its impossible to fake
>>>       
>> the
>>     
>>> REMOTE_USER - imp/courier should be able to handle
>>>       
>> it
>>     
>>> ?
>>>       
>> Yes, there is at least one imap server that supports
>> passwordless  
>> login in this way, although of course you need to
>> secure that properly.
>>
>> -chuck
>> -- 
>> IMP mailing list - Join the hunt:
>> http://horde.org/bounties/#imp
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail:
>> imp-unsubscribe at lists.horde.org
>>
>>     
>
>
>
>        
> ____________________________________________________________________________________
> Take the Internet to Go: Yahoo!Go puts the Internet in your pocket: mail, news, photos & more. 
> http://mobile.yahoo.com/go?refer=1GNXIC
>   



More information about the imp mailing list