The Kerberos 5 PHP extension doesn't actually do anything with
credentials. It just knows how to check your Kerberos realm for a
valid account / password combination.

If you're trying to do what I think you're trying to do, you're going
to need a login mechanism that actually obtains credentials. If UW
c-client is compiled with GSSAPI support, the PHP IMAP extension will
support GSSAPI.

You'll probably want to look at something like mod_auth_kerb, which
presents a basic-auth style login box, validates accounts against your
Kerberos realm, and can obtain credentials, which can then be used
with PHP IMAP / c-client. You'd then need a Horde authenticator that
used $_SERVER['REMOTE_USER'] as the source of the user name.

mod_auth_kerb is probably the easiest thing to do, in that it's
standalone. You need to get a keytab for your server, but otherwise,
there's no real infrastructure work that needs to be done.

It's also pretty easy to integrate your Horde installation with a
WebISO (Institutional Sign-on) / SSO (Single Sign-on). We're using
CoSign (written here at UMich), and it can obtain Kerberos credentials
on behalf of the user. I have not used competing WebISOs (PubCookie,
WebAuth, CAS) but believe that all of them should have the ability to
obtain Kerberos credentials and that Horde could be similarly
integrated with those technologies.

Liam

Quoting Martin Podworny <[EMAIL PROTECTED]>:

Hi,

for a couple of days I have been trying to integrate Horde3/IMP4 into our
Kerberos5 infrastructure. The webmailer should connect to a Cyrus imapd
(all installed on Debian 4.0/Etch), which authenticates imapuser with
the help of saslauthd. SASL in turn uses GSSAPI/Kerberos as the
authentication mechanism. With this setup, it is possible to log in
(thunderbird or imtest).

In Horde I configured the following:

Administration->Authentication->What backend should we use for
authenticating users to Horde->Kerberos authentication

After setting this and installing the PHP extension for krb5, it is
possible to log on with a valid credential. But how can I switch with this
credential, which is validated by hordeauth, to IMP? I tried it with
the following in /etc/horde3/imp4/server.php

$servers['cyrus'] = array(
    'name' => 'IMAP Server',
    'server' => 'host.domain.de',
    'hordeauth' => true,
    'protocol' => 'imap/notls',
    'port' => 143,
    'maildomain' => 'domain.de',
    'smtphost' => 'smtphost.domain.de',
    'smtpport' => 25,
    'realm' => '',
    'preferred'
    ...
);

Login to Horde succeeded, but if I click on "Mail", "Login failed"
appears. The logfile horde.log says this:

Jul 15 14:56:16 HORDE [notice] [horde] Login success for imapuser
[NNN.NN.NN.NN] to Horde [on line 90 of "/usr/share/horde3/login.php"]
Jul 15 14:56:19 HORDE [error] [imp] FAILED LOGIN NNN.NN.NN.NN to
host.domain.de:143[imap/notls] as imapuser [on line 258 of
"/usr/share/horde3/imp/lib/Auth/imp.php"]

Does anyone have a hint? Thank you very much,

Martin
--
Universität zu Köln :: Universitäts- und Stadtbibliothek
IT-Dienste
Universitätsstr. 33 :: D-50931 Köln
Tel.: +49 221 470-3330 :: Fax: +49 221 470-5166
[EMAIL PROTECTED] :: www.ub.uni-koeln.de
--
IMP mailing list - Join the hunt: http://horde.org/bounties/#imp
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: [EMAIL PROTECTED]
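
The mod_auth_kerb setup suggested in the reply above, sketched as an Apache configuration. This is an added example, not part of the original thread or of Horde's documentation; the URL path, realm name and keytab path are placeholders, and the note about exporting KRB5CCNAME from PHP is an assumption about how the c-client GSSAPI code finds the credential cache.

```apache
# Added example: protect the Horde location with mod_auth_kerb and have
# it keep the user's Kerberos credentials for the duration of the request.
# /horde3, EXAMPLE.ORG and the keytab path are placeholders.
<Location /horde3>
    # Password-based Kerberos login sends the password in a Basic-auth
    # header, so refuse any request that is not over TLS.
    SSLRequireSSL

    AuthType Kerberos
    AuthName "Webmail login"
    KrbAuthRealms EXAMPLE.ORG

    # Keytab holding the HTTP/<server fqdn>@EXAMPLE.ORG service key.
    # Keep it readable by the web server account only.
    KrbServiceName HTTP
    Krb5Keytab /etc/apache2/http.keytab

    # Use the keytab to verify that the KDC's answer is genuine, so a
    # spoofed KDC reply cannot vouch for a wrong password.
    KrbVerifyKDC on

    # The "basic-auth style login box": the module takes the password
    # and obtains a ticket-granting ticket for the user.
    KrbMethodK5Passwd on
    # SPNEGO/Negotiate only yields reusable credentials if the browser
    # delegates a ticket, so it is left off in this sketch.
    KrbMethodNegotiate off

    # Store the obtained credentials in a per-request credential cache
    # and publish its location as KRB5CCNAME in the request environment.
    KrbSaveCredentials on

    Require valid-user
</Location>

# After a successful login the application sees:
#   REMOTE_USER  user@EXAMPLE.ORG  (source of the user name for Horde)
#   KRB5CCNAME   location of the saved credential cache
# Assumption: under mod_php the value has to be copied into the process
# environment (putenv) before the IMAP call so GSSAPI can find the cache.
```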