On Thu, Feb 21, 2008 at 02:05:49PM +0000, Mário Gamito wrote:
> What I'm trying to do is to pass a URL from the login server to the
> email server:
> http://mail.foobar.lan/login.php?username=gamito&clearpass=secret
> Fact is, I don't know much about what I should do with this.
> The webmail (IMP) authenticates via IMAP (Courier).
> Ideas?

Big NONO for passing the cleartext password like that..

Here's one idea:

1. When the user logs in to the login server, it uses SQL or some other
   backend to save the user's login credentials like:

   Key User Pass Timestamp

   Where the key can be something like:
   sha1sum("SECRET"+"username"+"password"+rand())

2. Save the SHA1 somewhere, to use when the user wants email.

3. And then patch IMP to accept the param loginhash=<SHA1SUM>.
   So you point your user to login.php?loginhash=SHA1SUM
   Check the backend that the SHA1SUM is found and isn't expired.
   Give IMP the user and pass to go forward..

-- 
Jani Ollikainen
http://iki.fi/bestis/

_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
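
The handoff described in the reply above, as an added example that is not code from the post, IMP or Courier: the login server stores the credentials under a random key, and the webmail side redeems that key once. Assumptions: sqlite3 stands in for the backend, the key comes from a CSPRNG instead of the SHA1 expression, the 60-second lifetime and delete-on-redeem are choices made here, and all function and column names are hypothetical.

```python
import secrets
import sqlite3
import time

TTL_SECONDS = 60  # assumed lifetime; the post only says the entry must expire


def open_store(path=":memory:"):
    """Create the table from step 1 (Key, User, Pass, Timestamp)."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS handoff ("
        "loginhash TEXT PRIMARY KEY, username TEXT, password TEXT, issued_at REAL)"
    )
    return db


def issue(db, username, password, now=None):
    """Login server side: save the credentials and return the loginhash value."""
    now = time.time() if now is None else now
    # Random key from the OS CSPRNG, used here in place of sha1sum(...+rand()).
    loginhash = secrets.token_urlsafe(32)
    with db:
        db.execute(
            "INSERT INTO handoff VALUES (?, ?, ?, ?)",
            (loginhash, username, password, now),
        )
    return loginhash


def redeem(db, loginhash, now=None):
    """Webmail side: return (user, pass) if the key is found and fresh, else None."""
    now = time.time() if now is None else now
    with db:
        row = db.execute(
            "SELECT username, password, issued_at FROM handoff WHERE loginhash = ?",
            (loginhash,),
        ).fetchone()
        # Delete on first lookup so a URL left in logs or history cannot be reused.
        db.execute("DELETE FROM handoff WHERE loginhash = ?", (loginhash,))
        # Drop abandoned rows so stored passwords do not linger in the backend.
        db.execute("DELETE FROM handoff WHERE issued_at < ?", (now - TTL_SECONDS,))
    if row is None or now - row[2] > TTL_SECONDS:
        return None
    return row[0], row[1]


if __name__ == "__main__":
    db = open_store()
    token = issue(db, "gamito", "secret")  # sample values taken from the quoted URL
    print("http://mail.foobar.lan/login.php?loginhash=" + token)
    print(redeem(db, token))  # first use returns the credentials
    print(redeem(db, token))  # replay of the same URL returns None
```
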