CMU kerberized SquirrelMail by using the imtest utility included in Cyrus.
You can read about it at their wiki:
http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/SquirrelMailKerberos
--On Wednesday, February 20, 2008 3:12 PM +0100 Tobias Franzén
<[EMAIL PROTECTED]> wrote:
> I've tried looking through "the Google", and the mail list archives, but
> my results are inconclusive at best.
>
> My setup is basically three different servers.
> Server 1: Kerberos (Heimdal), OpenLDAP (SSL/TLS required, with simple
> bind or GSSAPI auth, users have a {SASL} password), and saslauthd
> locally to make simple binds work (I need this sometimes). Also an
> SSL-enabled MySQL server. (No Kerberos support there, sadly.)
>
> Server 2: Apache with goodies like PHP and CoSign module, and cosignd
> running on the same machine. Kerberos login works. Haven't tried much
> more, or done anything with tickets.
>
> Server 3, the mail server, is not yet configured. Here I plan to use
> Postfix for SMTP, Dovecot for IMAP, and have things like SpamAssassin and
> antivirus. Postfix and Dovecot both support GSSAPI, which is part of the
> reason I picked them. Also, I have mail stored in the Maildir format
> from before, and I want to keep it that way, so I can't use Cyrus-imap
> (no Maildir support) or Courier-imap (no SASL/GSSAPI support).
>
> The tricky part is the web mail. I want users to log in to the web mail
> via Cosign, and the simplest way would be if I could use a Kerberos
> ticket to gain access to smtp, imap and ldap all in one go. I haven't
> found a web mail system that can use GSSAPI straight away (either via
> Cosign, mod_auth_kerb, SPNEGO or some other SSO setup). And from what
> I've read in the mail list archives, you don't use this, but instead
> have some local proxy with only simple username "login".
>
> I use SquirrelMail for my current setup (simple SSL plain text auth
> based), but there is no real reason I must stick with SquirrelMail. My
> users probably won't mind as long as I can get an SSO setup working. And
> as far as I can tell, they are currently discussing whether or not to
> add GSSAPI support in SquirrelMail 1.5.2, but that is still a long way
> off.
>
> So what I'm asking is if there is some web mail system that you know of
> that already has support for a pure GSSAPI/Kerberos ticket
> authentication, or if any of you have made such modifications yourself,
> that you are willing and able to share?
>
> Other alternatives are also welcome, but I'd rather it at least included
> some connection to LDAP for verification/validation of users, possibly
> via a simple "anonymous" search, and not just relied on an existing
> Maildir = a valid account (like you use at UMich, if I am not mistaken).
> (I guess you could restrict access to the web mail itself via Cosign
> Factors before it even got to this point though.)
>
> /Tobias
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Cosign-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
--
* Matanya Elchanani * Technical Director * Information Technology
* University of Bridgeport * 303 University Ave * Bridgeport, CT 06604
* Tel: 203-576-4322 * Fax: 203-576-4613