[Dovecot] cas proxy ticket as password

2013-10-08 Thread b m 
Hi everybody. Hi I'm tryingto use CAS for authenticating in dovecot. I have 
installed pam_cas and when I try castest i get cas:authenticationSuccess 
for my service (imaps://mywebmail.com) But when I actually try to login, 
dovecot uses the PT from the cas server as password. Any ideas what I'm missing?
Thanks a lot.

Re: [Dovecot] Public folders and groups

2012-10-25 Thread b m 
No AD doesn't have such a field, but I could use some unused field to get what 
I want. Let's say set Attribute1 to group1. The problem is how to get that 
info. I guess I have to edit dovecot-ldap.conf and put in user_attrs something 
like that ,=acl_groups=Attribute1. Any suggestions?






 From: Jan Phillip Greimann j...@softjury.de
To: b m stocto...@yahoo.com; Dovecot Mailing List dovecot@dovecot.org 
Sent: Thursday, October 25, 2012 1:35 PM
Subject: Re: [Dovecot] Public folders and groups
 
Am 25.10.2012 00:13, schrieb b m:
 Currently I have dovecot working with Active Directory authentication and 
 public folders with acl. In acl I have the users I want to access the public 
 folders. It'll be easier for me to use one group instead of 50 users but I 
 can't get it to work. From where does dovecot get the group attribute for a 
 user? Can it read the groups that a user belongs from AD?

Here a sentence to this, found in the dovecot wiki. 
(http://wiki2.dovecot.org/ACL)

ACL groups support works by returning a comma-separated acl_groups extra field 
from userdb, which contains all the groups the user belongs to.

It seems to be possible, I had an acl_groups field in my MySQL Database for 
this, I'am sure it is something like that in an AD too.

[Dovecot] Public folders and groups

2012-10-24 Thread b m 
Currently I have dovecot working with Active Directory authentication and 
public folders with acl. In acl I have the users I want to access the public 
folders. It'll be easier for me to use one group instead of 50 users but I 
can't get it to work. From where does dovecot get the group attribute for a 
user? Can it read the groups that a user belongs from AD?

Re: [Dovecot] CAS Authentication

2012-10-18 Thread b m 
Thanks for the configuration files. I have a question. In pam_cas.conf I don't 
know what to put in proxy cas proxy url. In some examples I have seen 
something like http://webmail address/proxy.php
Do I need a php file in my webmail to handle the cas tickets and if so where 
can I find it?




 From: Angel L. Mateo ama...@um.es
To: dovecot@dovecot.org 
Sent: Wednesday, October 17, 2012 10:24 AM
Subject: Re: [Dovecot] CAS Authentication
 
El 16/10/12 20:12, b m escribió:
 Thanks for the reply. I have already tried successfully the setup without 
 proxing the cas tickets and setting dovecot to login  with a master password. 
 The problem is that I need a password file with all the users and also I need 
 the proxy feature for other applications.
 

    This is my config. In /etc/pam.d/dovecot I have:

auth    sufficient    pam_cas_ssh.so -simap://localhost -f/etc/pam_cas.conf
account sufficient    pam_permit.so
session sufficient    pam_permit.so

    and /etc/pam_cas.conf
host cas server
port 443
uriValidate /cas/proxyValidate
ssl on
debug off
proxy    cas proxy url
trusted_ca pem cert file

    in dovecot, I have these users dbs:

userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
passdb {
  args = session=yes cache_key=%n dovecot
  driver = pam
}

    With this, it works fine.

-- Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 86337

Re: [Dovecot] CAS Authentication

2012-10-16 Thread b m 
Thanks for the reply. I have already tried successfully the setup without 
proxing the cas tickets and setting dovecot to login  with a master password. 
The problem is that I need a password file with all the users and also I need 
the proxy feature for other applications.






 From: de Lafond Guillaume gdelafond+dove...@aquaray.com
To: b m stocto...@yahoo.com; Dovecot Mailing List dovecot@dovecot.org 
Sent: Tuesday, October 16, 2012 4:56 PM
Subject: Re: [Dovecot] CAS Authentication
 
Hi,

 Hi.I'm very sorry for the repost but I forgot the subject.
 So,  I'm 
 using dovecot 2.0.18 and I'm trying to authenticate through a CAS server
 (until now authentication was through MS Active Directory). I could not
 find anywhere some examples, so here is what i have done so far.
 -install phpcas and pam_cas
 -edit /etc/pam.d/dovecot
                   auth    sufficient      /lib/security/pam_cas.so 
-simap://webmail.mydomain.com -f /etc/pam_cas.conf
 -edit
 /etc.pam_cas.conf
                   host mycas.mydomain.com 
                   port 443 
                   uriValidate /cas/proxyValidate 
                   ssl on 
                   proxy ??? 
                   trusted_ca /etc/cert/certificate.pem 
                   debug
 on
 
 - and finally dovecot.conf which I'm sure is complety wrong
               userdb {
               args = /etc/dovecot/dovecot-ldap.conf
               driver = ldap
               }
              passdb {
              driver = pam
              args = cache_key=%u dovecot
              }


Could you try with failure_show_msg=yes on passdb args ?
You can try without the proxy line in pam_cas.conf and a static userdb with 
allow_all_users=yes (in place of ldap configuration).

Hope this can help.

You have some logs in /var/log/auth.log (depends of your distrib).

-- 
Guillaume de Lafond
Aqua Ray

[Dovecot] (no subject)

2012-10-15 Thread b m 
Hi. I'm using dovecot 2.0.18 and I'm trying to authenticate through a CAS 
server (until now authentication was through MS Active Directory). I could not 
find anywhere some examples, so here is what i have done so far.
-install phpcas and pam_cas
-edit /etc/pam.d/dovecot
  auth    sufficient  /lib/security/pam_cas.so 
-simap://webmail.mydomain.com -f /etc/pam_cas.conf
-edit /etc.pam_cas.conf
  host mycas.mydomain.com 
  port 443 
  uriValidate /cas/proxyValidate 
  ssl on 
  proxy ??? 
  trusted_ca /etc/cert/certificate.pem 
  debug on

- and finally dovecot.conf which I'm sure is complety wrong
  userdb {
              args = /etc/dovecot/dovecot-ldap.conf
              driver = ldap
  }
 passdb {
 driver = pam
             args = cache_key=%u dovecot
 }

What I get in log is 


Oct 15 15:39:58 auth-worker: Debug: Loading modules from directory: 
/usr/lib64/dovecot/auth
Oct 15 15:39:58 auth-worker: Debug: Module loaded: 
/usr/lib64/dovecot/auth/libauthdb_ldap.so
Oct 15 15:39:58 auth-worker: Debug: Module loaded: 
/usr/lib64/dovecot/auth/libdriver_mysql.so
Oct 15 15:39:58 auth-worker: Debug: Module loaded: 
/usr/lib64/dovecot/auth/libdriver_pgsql.so
Oct 15 15:39:58 auth-worker: Debug: Module loaded: 
/usr/lib64/dovecot/auth/libdriver_sqlite.so
Oct 15 15:39:58 auth-worker: Debug: Module loaded: 
/usr/lib64/dovecot/auth/libmech_gssapi.so
Oct 15 15:39:58 auth-worker: Debug: pam(user,127.0.0.1): lookup service=dovecot
Oct 15 15:39:58 auth-worker: Debug: pam(user,127.0.0.1): #1/1 style=1 
msg=Password: 
Oct 15 15:39:58 auth-worker: Info: pam(user,127.0.0.1): pam_authenticate() 
failed: Permission denied
Oct 15 15:40:00 auth: Debug: client out: FAIL    1    user=user
Oct 15 15:40:00 imap-login: Info: Aborted login (auth failed, 1 attempts): 
user=user, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Oct 15 15:40:00 auth: Debug: auth client connected (pid=9019)

Any ideas? Thanks.

[Dovecot] CAS Authentication

2012-10-15 Thread b m 
Hi.I'm very sorry for the repost but I forgot the subject.
So,  I'm 
using dovecot 2.0.18 and I'm trying to authenticate through a CAS server
 (until now authentication was through MS Active Directory). I could not
 find anywhere some examples, so here is what i have done so far.
-install phpcas and pam_cas
-edit /etc/pam.d/dovecot
  auth    sufficient  /lib/security/pam_cas.so 
-simap://webmail.mydomain.com -f /etc/pam_cas.conf
-edit
 /etc.pam_cas.conf
  host mycas.mydomain.com 
  port 443 
  uriValidate /cas/proxyValidate 
  ssl on 
  proxy ??? 
  trusted_ca /etc/cert/certificate.pem 
  debug
 on

- and finally dovecot.conf which I'm sure is complety wrong
  userdb {
              args = /etc/dovecot/dovecot-ldap.conf
              driver = ldap
  }
 passdb {
 driver = pam
             args = cache_key=%u dovecot
 }

What I get in log is 


Oct 15 15:39:58 auth-worker: Debug: Loading modules from directory: 
/usr/lib64/dovecot/auth
Oct 15 15:39:58 auth-worker: Debug: Module loaded:
 /usr/lib64/dovecot/auth/libauthdb_ldap.so
Oct 15 15:39:58 auth-worker: Debug: Module loaded: 
/usr/lib64/dovecot/auth/libdriver_mysql.so
Oct 15 15:39:58 auth-worker: Debug: Module loaded: 
/usr/lib64/dovecot/auth/libdriver_pgsql.so
Oct 15 15:39:58 auth-worker: Debug: Module loaded: 
/usr/lib64/dovecot/auth/libdriver_sqlite.so
Oct 15 15:39:58 auth-worker: Debug: Module loaded: 
/usr/lib64/dovecot/auth/libmech_gssapi.so
Oct 15 15:39:58 auth-worker: Debug: pam(user,127.0.0.1): lookup service=dovecot
Oct 15 15:39:58 auth-worker: Debug: pam(user,127.0.0.1): #1/1 style=1 
msg=Password: 
Oct 15 15:39:58 auth-worker: Info: pam(user,127.0.0.1): pam_authenticate() 
failed: Permission denied
Oct 15 15:40:00 auth: Debug: client out: FAIL    1    user=user
Oct
 15 15:40:00 imap-login: Info: Aborted login (auth failed, 1 attempts): 
user=user, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Oct 15
 15:40:00 auth: Debug: auth client connected (pid=9019)

Any ideas? Thanks.