On 20 Feb 2008, at 14:12, Tobias Franzén wrote: > > > The tricky part is the web mail. I want users to login to the web mail > via Cosign, and the simplest way would be if I could use a Kerberos > ticket to gain access to smtp, imap and ldap all in one go. I haven't > found a web mail system that can use GSSAPI straight away (either via > Cosign, mod_auth_kerb, SPNEGO or some other SSO setup). And from what > I've read in the mail list archives, you don't use this, but instead > have some local proxy with only simple username "login".
This isn't true. We're running IMP here in exactly this configuration. IMP gets a Kerberos ticket from somewhere (in our case cosign, but this works just as well with mod_auth_kerb doing SPNEGO), and uses that to authenticate through to the IMAP server using GSSAPI. It's been a while since I looked at this - when I prototyped it, a small change was required to the PHP IMAP module in order to enable GSSAPI authentication. I know that the people who actually run our central mail service are on this list - so hopefully one of them will pop up and provide further details. S. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
