Hi everybody, I'd like to share my thought. I successfully set up a combination of squirrelmail+qmail-ldap+CAS authentication
The ingredients are
1) a minor patch to squirrelmail (which puts quotes " around username
and password)
2) imapproxy which talks with a modified auth_imap, an external program that
does authentication
for courier imap
3) a squirrelmail login screen that uses the proxy feature of cas
phpCAS::proxy(CAS_VERSION_2_0,'caoss.cilea.it',443,'/cas');
phpCAS::forceAuthentication();
$nomeutente=phpCAS::getUser();
phpCAS::serviceMail("{127.0.0.1:800}INBOX",0,$errore,$msg_errore,$pt);
in order to authenticate to the imapd with username extracted from the
CAS serer, and proxy ticket as the password
4) a modified auth_imap (a perl script, wrapped by a setuid executable)
The modified auth_imap is a quick and dirty ack, but I feel it is
intersting to share it with the list.
Probably there are bugs and surely it will not work in every possible
situation, but it is a proof of concept. If you are intersted I can send
you other details.
Best regards,
Enrico
--
Enrico Cavalli
CILEA - via R. Sanzio 4, 20090 - Segrate (MI), Italy
phone: +39 02 26995.1 - fax: +39 02 2135520 - skype: enricocavalli
PGP Fingerprint: 3762 7B1B 743E 029C 8F94 8ADE BC4B 43A7 0485 30E5
auth_imap.pl
Description: Perl program
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
