Revisting the code, I noticed that my assumption was not correct. We
actually check if 'admin' settings exist in servers.php, because
that's what we also do to check if the 'list' capability is
available when using IMP authentication.
We're using Cyrus. I just kept the "admin" block from servers.php.dist.
Looks like it get the field if I set
$servers['cyrus']['admin'] = false;
Why don't you use the http authentication driver?
Because it checks PHP_AUTH_USER instead of $_SERVER['REMOTE_USER'],
and our stuff doesn't set PHP_AUTH_USER. We also don't use an
.htaccess file for authentication, or do anything that pretends to
be basic auth.
Ah, I thought REMOTE_USER was set by some http basic auth.
I believe that HTTP basic auth should always set REMOTE_USER. When a
browser has authenticated with basic auth, it embeds the username and
password in the http headers that get passed to the server with every
request. I'm pretty sure it's the presence of these headers that
causes PHP to set the PHP_AUTH_USER and PHP_AUTH_PW environment
variables.
Our SSO only sets REMOTE_USER. Would it be reasonable, perhaps, for
the http authentication driver to check for either PHP_AUTH_USER or
REMOTE_USER?
Liam
--
IMP mailing list - Join the hunt: http://horde.org/bounties/#imp
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: [EMAIL PROTECTED]
