Am 26.04.2018 um 20:19 schrieb Chris (chris2...@postbox.xyz): > On Tue, 24 Apr 2018 19:48:06 +0000 (UTC) > Sergio Cesar winc wrote: > >> I wonder if one could user the webserver authentication and pass it >> to SOGo or roundcube. > > I'm also very interested in this. Is it possible to pass username and > password from Apache proxy to SOGo? And is this working with CalDAV and > CardDAV clients? It would considerably lower attack surface if SOGo was > only reachable for authenticated clients. >
Not exactly. If you use Proxy authentication, you would have to authenticate yourself twice. First on the proxy, then on SOGo. You can use proxy authentication alone, but then you have to enable SOGoTrustProxyAuthentication = YES; That means, that SOGo will not test authentication at all. And it will not get the password of the user. That in turn means, that SOGo is not able to authenticate against SMTP-, SIEVE- and IMAP-servers! Therefore you have to enable those three to accept all connections without authentication from the SOGo server or store all passwords in plain text on the SOGo server!!! Because of that I would advise against it, as long as you don't run all of them on the same machine and restrict unauthenticated access on localhost. The other possibility would be to use one of CAS or SAML2 authentication. Those two generate a session ticket, which is passed to SOGo for authentication. SOGo then accesses IMAP- and SIEVE-servers with that ticket. Because of that your IMAP-, SIEVE- and SMTP-servers have to be enabled to use those tickets first. Hope that clarifies it a bit. Kind regards, Christian Mack -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung Basisdienste 78457 Konstanz +49 7531 88-4416
smime.p7s
Description: S/MIME Cryptographic Signature