On Wed, Dec 1, 2010 at 11:56 AM, Tod Pike <[email protected]> wrote: > Gary: > I've already got an ugly hack ready - we did something similar to > use squirrelmail against our GSSAPI IMAP server. We use the imtest > helper program to open the GSSAPI-authenticated session (passing in > the Kerberos credential file that we got from the pubcookie module). > We passed that file descriptor back into squirrelmail, bypassing the > normal connection open. > > I'd love to see how that code works since the only gssapi implementations I can find seem to be in C using the C-Client library.
> I'd like to something similar in roundcube, but it's pretty difficult > using only plugins. I can certainly set up my own imap_connect hook that > would open the proper connection, but I don't see any way to put the > resulting file descriptor into the imap object, since all that stuff is > private to the rcube_imap_generic module. > > That's what I meant, you need to modify the core code. At a minimum, you need to modify rcube_imap_generic to include a case for using GSSAPI. Personally, once you start editing that, I'd say move the whole if/then structure to a switch/case structure as there are then 4 different mechanisms. If you want to be really really nice, extend the auth_sasl code http://pear.php.net/package/Auth_SASL/ The module doesn't currently have a maintainer, so you could update it there to support GSSAPI and then bring it downstream to Roundcube. I'm stuck at the moment in conceptualizing how to do GSSAPI authentication from within PHP[in theory, I know it's just a matter of passing the challenge token into the function over and over till you get to a success]
_______________________________________________ List info: http://lists.roundcube.net/dev/ BT/8f4f07cd
