[Dovecot] cas proxy ticket as password
Hi everybody.

I'm trying to use CAS for authenticating in dovecot. I have installed pam_cas, and when I try castest I get cas:authenticationSuccess for my service (imaps://mywebmail.com). But when I actually try to log in, dovecot uses the PT from the cas server as password. Any ideas what I'm missing?

Thanks a lot.
Re: [Dovecot] Public folders and groups
No, AD doesn't have such a field, but I could use some unused field to get what I want. Let's say set Attribute1 to group1. The problem is how to get that info. I guess I have to edit dovecot-ldap.conf and put in user_attrs something like this: ,=acl_groups=Attribute1. Any suggestions?

From: Jan Phillip Greimann j...@softjury.de
To: b m stocto...@yahoo.com; Dovecot Mailing List dovecot@dovecot.org
Sent: Thursday, October 25, 2012 1:35 PM
Subject: Re: [Dovecot] Public folders and groups

On 25.10.2012 00:13, b m wrote:
> Currently I have dovecot working with Active Directory authentication and public folders with acl. In acl I have the users I want to access the public folders. It'll be easier for me to use one group instead of 50 users but I can't get it to work. From where does dovecot get the group attribute for a user? Can it read the groups that a user belongs to from AD?

Here is a sentence on this, found in the dovecot wiki (http://wiki2.dovecot.org/ACL):

    ACL groups support works by returning a comma-separated acl_groups extra field from userdb, which contains all the groups the user belongs to.

It seems to be possible. I had an acl_groups field in my MySQL database for this; I'm sure there is something like that in an AD too.
[Dovecot] Public folders and groups
Currently I have dovecot working with Active Directory authentication and public folders with acl. In acl I have the users I want to access the public folders. It'll be easier for me to use one group instead of 50 users but I can't get it to work. From where does dovecot get the group attribute for a user? Can it read the groups that a user belongs to from AD?
Re: [Dovecot] CAS Authentication
Thanks for the configuration files. I have a question. In pam_cas.conf I don't know what to put in proxy cas proxy url. In some examples I have seen something like http://webmail address/proxy.php. Do I need a php file in my webmail to handle the cas tickets, and if so, where can I find it?

From: Angel L. Mateo ama...@um.es
To: dovecot@dovecot.org
Sent: Wednesday, October 17, 2012 10:24 AM
Subject: Re: [Dovecot] CAS Authentication

On 16/10/12 20:12, b m wrote:
> Thanks for the reply. I have already tried successfully the setup without proxying the cas tickets and setting dovecot to login with a master password. The problem is that I need a password file with all the users and also I need the proxy feature for other applications.

This is my config. In /etc/pam.d/dovecot I have:

    auth sufficient pam_cas_ssh.so -simap://localhost -f/etc/pam_cas.conf
    account sufficient pam_permit.so
    session sufficient pam_permit.so

and /etc/pam_cas.conf:

    host cas server
    port 443
    uriValidate /cas/proxyValidate
    ssl on
    debug off
    proxy cas proxy url
    trusted_ca pem cert file

In dovecot, I have these user dbs:

    userdb {
      driver = prefetch
    }
    userdb {
      args = /etc/dovecot/dovecot-ldap.conf.ext
      driver = ldap
    }
    passdb {
      args = /etc/dovecot/dovecot-ldap.conf.ext
      driver = ldap
    }
    passdb {
      args = session=yes cache_key=%n dovecot
      driver = pam
    }

With this, it works fine.

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 86337
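The check a PAM CAS module has to make on the ticket that arrives in the IMAP password field, written out as an added example (not pam_cas source and not code from this thread). Host names, the ticket and the proxy callback URL are constructed; requiring the nearest proxy to be on an allow-list is an assumption about what the `proxy` line in pam_cas.conf is for.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

def validate_url(host, uri_validate, service, ticket, port=443):
    """URL fetched over TLS; the IMAP 'password' is passed as the ticket."""
    query = urlencode({"service": service, "ticket": ticket})
    return f"https://{host}:{port}{uri_validate}?{query}"

def check_response(xml_text, login_user, trusted_proxies):
    """Return (accepted, detail) for a /cas/proxyValidate response body."""
    root = ET.fromstring(xml_text)
    ok = root.find("cas:authenticationSuccess", CAS_NS)
    if ok is None:
        fail = root.find("cas:authenticationFailure", CAS_NS)
        code = fail.get("code") if fail is not None else "NO_RESULT"
        return False, f"CAS rejected ticket: {code}"
    # The ticket must belong to the account named in the IMAP login.
    user = ok.findtext("cas:user", default="", namespaces=CAS_NS).strip()
    if user != login_user:
        return False, "ticket was issued for a different user"
    # Proxies are listed most recent first; the first one obtained this PT.
    chain = [(p.text or "").strip()
             for p in ok.findall("cas:proxies/cas:proxy", CAS_NS)]
    if not chain:
        return False, "no proxy chain in response"
    if chain[0] not in trusted_proxies:
        return False, "ticket came through an untrusted proxy"
    return True, user

# Constructed sample responses (not captured from a real CAS server).
SAMPLE_OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>user</cas:user>
    <cas:proxies>
      <cas:proxy>https://webmail.mydomain.com/proxy.php</cas:proxy>
    </cas:proxies>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""
TRUSTED = {"https://webmail.mydomain.com/proxy.php"}

if __name__ == "__main__":
    print(validate_url("mycas.mydomain.com", "/cas/proxyValidate",
                       "imap://webmail.mydomain.com", "PT-1-constructed"))
    print(check_response(SAMPLE_OK, "user", TRUSTED))
    print(check_response(SAMPLE_FAIL, "user", TRUSTED))
```

The service string sent for validation has to match the one the ticket was requested for, which is why the `-s` value in /etc/pam.d/dovecot and the service used by the webmail must agree.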
Re: [Dovecot] CAS Authentication
Thanks for the reply. I have already tried successfully the setup without proxying the cas tickets and setting dovecot to login with a master password. The problem is that I need a password file with all the users and also I need the proxy feature for other applications.

From: de Lafond Guillaume gdelafond+dove...@aquaray.com
To: b m stocto...@yahoo.com; Dovecot Mailing List dovecot@dovecot.org
Sent: Tuesday, October 16, 2012 4:56 PM
Subject: Re: [Dovecot] CAS Authentication

Hi,

> Hi. I'm very sorry for the repost but I forgot the subject. So, I'm using dovecot 2.0.18 and I'm trying to authenticate through a CAS server (until now authentication was through MS Active Directory). I could not find anywhere some examples, so here is what I have done so far.
>
> - install phpcas and pam_cas
> - edit /etc/pam.d/dovecot
>
>     auth sufficient /lib/security/pam_cas.so -simap://webmail.mydomain.com -f /etc/pam_cas.conf
>
> - edit /etc.pam_cas.conf
>
>     host mycas.mydomain.com
>     port 443
>     uriValidate /cas/proxyValidate
>     ssl on
>     proxy ???
>     trusted_ca /etc/cert/certificate.pem
>     debug on
>
> - and finally dovecot.conf, which I'm sure is completely wrong
>
>     userdb {
>       args = /etc/dovecot/dovecot-ldap.conf
>       driver = ldap
>     }
>     passdb {
>       driver = pam
>       args = cache_key=%u dovecot
>     }

Could you try with failure_show_msg=yes on passdb args?

You can try without the proxy line in pam_cas.conf and a static userdb with allow_all_users=yes (in place of ldap configuration).

Hope this can help. You have some logs in /var/log/auth.log (depends on your distrib).

--
Guillaume de Lafond
Aqua Ray
[Dovecot] (no subject)
Hi. I'm using dovecot 2.0.18 and I'm trying to authenticate through a CAS server (until now authentication was through MS Active Directory). I could not find anywhere some examples, so here is what I have done so far.

- install phpcas and pam_cas
- edit /etc/pam.d/dovecot

    auth sufficient /lib/security/pam_cas.so -simap://webmail.mydomain.com -f /etc/pam_cas.conf

- edit /etc.pam_cas.conf

    host mycas.mydomain.com
    port 443
    uriValidate /cas/proxyValidate
    ssl on
    proxy ???
    trusted_ca /etc/cert/certificate.pem
    debug on

- and finally dovecot.conf, which I'm sure is completely wrong

    userdb {
      args = /etc/dovecot/dovecot-ldap.conf
      driver = ldap
    }
    passdb {
      driver = pam
      args = cache_key=%u dovecot
    }

What I get in log is

    Oct 15 15:39:58 auth-worker: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
    Oct 15 15:39:58 auth-worker: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
    Oct 15 15:39:58 auth-worker: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so
    Oct 15 15:39:58 auth-worker: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_pgsql.so
    Oct 15 15:39:58 auth-worker: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
    Oct 15 15:39:58 auth-worker: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
    Oct 15 15:39:58 auth-worker: Debug: pam(user,127.0.0.1): lookup service=dovecot
    Oct 15 15:39:58 auth-worker: Debug: pam(user,127.0.0.1): #1/1 style=1 msg=Password:
    Oct 15 15:39:58 auth-worker: Info: pam(user,127.0.0.1): pam_authenticate() failed: Permission denied
    Oct 15 15:40:00 auth: Debug: client out: FAIL 1 user=user
    Oct 15 15:40:00 imap-login: Info: Aborted login (auth failed, 1 attempts): user=user, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    Oct 15 15:40:00 auth: Debug: auth client connected (pid=9019)

Any ideas? Thanks.
[Dovecot] CAS Authentication
Hi. I'm very sorry for the repost but I forgot the subject. So, I'm using dovecot 2.0.18 and I'm trying to authenticate through a CAS server (until now authentication was through MS Active Directory). I could not find anywhere some examples, so here is what I have done so far.

- install phpcas and pam_cas
- edit /etc/pam.d/dovecot

    auth sufficient /lib/security/pam_cas.so -simap://webmail.mydomain.com -f /etc/pam_cas.conf

- edit /etc.pam_cas.conf

    host mycas.mydomain.com
    port 443
    uriValidate /cas/proxyValidate
    ssl on
    proxy ???
    trusted_ca /etc/cert/certificate.pem
    debug on

- and finally dovecot.conf, which I'm sure is completely wrong

    userdb {
      args = /etc/dovecot/dovecot-ldap.conf
      driver = ldap
    }
    passdb {
      driver = pam
      args = cache_key=%u dovecot
    }

What I get in log is

    Oct 15 15:39:58 auth-worker: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
    Oct 15 15:39:58 auth-worker: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
    Oct 15 15:39:58 auth-worker: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so
    Oct 15 15:39:58 auth-worker: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_pgsql.so
    Oct 15 15:39:58 auth-worker: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
    Oct 15 15:39:58 auth-worker: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
    Oct 15 15:39:58 auth-worker: Debug: pam(user,127.0.0.1): lookup service=dovecot
    Oct 15 15:39:58 auth-worker: Debug: pam(user,127.0.0.1): #1/1 style=1 msg=Password:
    Oct 15 15:39:58 auth-worker: Info: pam(user,127.0.0.1): pam_authenticate() failed: Permission denied
    Oct 15 15:40:00 auth: Debug: client out: FAIL 1 user=user
    Oct 15 15:40:00 imap-login: Info: Aborted login (auth failed, 1 attempts): user=user, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    Oct 15 15:40:00 auth: Debug: auth client connected (pid=9019)

Any ideas? Thanks.