Re: [cas-user] CAS HORDE

Mon, 30 Mar 2009 01:05:28 -0700

Hi Binh,
    Horde take One ticket and reuse it the first authentication is OK, but after horde try to reuse the same ticket.
    You must use a cache with pam_cas (we use cyrus-imap as mail server and saslauthd with cache option) but I know some one use PAM ccreds to cache credential.

Thanks,

Binh Thuan Nguyen a écrit :
Thanks Julien,

I'm a litte bit farther, I receive now the message:
Mar 27 15:53:07 rzssotst PAM_cas[5993]:   checking element https://blablabla/horde/casProxy.php
Mar 27 15:53:07 rzssotst PAM_cas[5993]: USER 'y0022248' AUTHENTICATED WITH CAS PT:ST-36-qMteL9EaklgNs7zGeS2H-cas

but after that:
Mar 27 15:53:07 rzssotst PAM_cas[5997]: authentication failure#012#015#012#015#012#015#012#011'>http://www.yale.edu/tp/cas'>#015#012#011#015#012#011#011Ticket 'ST-36-qMteL9EaklgNs7zGeS2H-cas' not reconigzed#015#012#011#015#012
Mar 27 15:53:07 rzssotst PAM_cas[5997]:    for requestGET /cas/proxyValidate?ticket=ST-36-qMteL9EaklgNs7zGeS2H-cas&service=imap://imap.blabla HTTP/1.0#012#012
Mar 27 15:53:07 rzssotst PAM_cas[5997]: authentication failure for user 'y0022248' : bad CAS ticket. PT=ST-36-qMteL9EaklgNs7zGeS2H-cas

Do you have any Idea ?

What I recognize is, I take a look at /var/log/mail.log and everytime when I login, it happens twice (for login and logout):
Mar 27 15:59:06 rzssotst in.imapproxyd[5979]: LOGIN: '"y0022248"' (::ffff: x.x.x.x:1723) on existing sd [12]
Mar 27 15:59:06 rzssotst in.imapproxyd[5979]: LOGIN: '"y0022248"' (::ffff:x.x.x.x:1724) on existing sd [10]
Mar 27 15:59:27 rzssotst in.imapproxyd[5979]: LOGOUT: '"y0022248"' from server sd [10]
Mar 27 15:59:27 rzssotst in.imapproxyd[5979]: LOGOUT: '"y0022248"' from server sd [12]
Mar 27 16:00:46 rzssotst in.imapproxyd[5979]: Expiring server sd [9]
Mar 27 16:00:46 rzssotst dovecot: IMAP(y0022248): Disconnected: Logged out
Mar 27 16:04:46 rzssotst in.imapproxyd[5979]: Expiring server sd [12]
Mar 27 16:04:46 rzssotst in.imapproxyd[5979]: Expiring server sd [10]
Mar 27 16:04:46 rzssotst dovecot: IMAP(y0022248): Disconnected: Logged out
Mar 27 16:04:46 rzssotst dovecot: IMAP(y0022248): Disconnected: Logged out

Any Idea why ?

Best regards,

From: Julien Marchal <[email protected]>
To: [email protected]
Sent: Friday, March 27, 2009 3:18:34 AM
Subject: Re: [cas-user] CAS HORDE

Hi Binh,

This is not a requirement to install horde imaporyx foncionne in CASE
We use it in production without imaproxy

You can set pam_cas to debug level in /etc/pam_cas.conf by setting debug property to on (after set level to LOG_DEBUG in syslog)

I don't know which patch you've made but there's an horde's casify on https://sourcesup.cru.fr/frs/?group_id=264&release_id=1410
This casification reuses the same ticket several times to open a connection imap.
This means that you must define a server side cache imap (cyrus saslautd on permits but pam_ccreds)

Thanks,
Julien
  

Binh Thuan Nguyen a écrit :
After patching everything, I login horde over CAS and receive this error, this repeats without ending, does anyone know where is the problem ?

Mar 26 21:57:46 rzssotst PAM_cas[4024]: authentication failure#012#015#012#015#012 #015#012#011'>#015#012#011'>http://www.yale.edu/tp/cas'>#015#012#011 #015#012#011#011Ticket 'ST-97-uqKYM9NN1WbT5EOLGdDw-cas' wurde nicht anerkannt#015#012#011 #015#012
Mar 26 21:57:46 rzssotst PAM_cas[4024]:    for requestGET /cas/proxyValidate?ticket=ST-97-uqKYM9NN1WbT5EOLGdDw-cas&service=imap://xxxx.xxxx HTTP/1.0#012#012
Mar 26 21:57:46 rzssotst PAM_cas[4024]: authentication failure for user 'y0022248' : bad CAS ticket. PT=ST-97-uqKYM9NN1WbT5EOLGdDw-cas
Mar 26 21:57:46 rzssotst dovecot-auth[4024]: pam_ldap: error trying to bind as user "uid=y0022248,ou=people,dc=xx-xx,dc=xx" (Invalid credentials

I use Pam_cas from this site http://sourcesup.cru.fr/frs/?group_id=213&release_id=712
         phpCAS 0.6.0
         CAS 3.2
         Horde 3.1.7 and IMP 4.1.6

Best regards,

From: Binh Thuan Nguyen <[email protected]>
To: [email protected]
Sent: Thursday, March 26, 2009 6:03:16 PM
Subject: [cas-user] CAS HORDE

Hi guys,

Is it necessary to install imapproxy for horde-CAS ?

Nin


--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user


-- 
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user


-- 
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user


-- 
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user


-- 



  
    

      
      
      

        
          

             Pôle Lorrain de Gestion

13 rue du Maréchal Ney

CO 30075

54036 NANCY Cedex

            		
          

          

            > Téléphone
            03.54.50.36.54 
          

          

            > Fax
            03.54.50.36.51 
          

        
      

      		
    

    

      Julien Marchal 
    

    

      Pôle Infrastructure - DSI 
    

  




-- 
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to