On Wed, Feb 28, 2007, Martin Hierling <[EMAIL PROTECTED]> said: >> the username is available. The dbmail-imap server gets the request >> > for user joe and should deliver the mails, without password. >> Why not propagate the users password to the imap server, and use it >> for authenticating? It should not be that hard >> to keep Shibboleth and dbmail's authentication table in sync. > > > thats not how shibboleth is working .... as far as i can say the framework > only tells the webapp the user is authenticated. it is also possible to > exchange some attributes. something like the user is authorized to read all > books from categories A-C but not from D-F. A password exchange is not > possible. So this is no option. > For sure it is possible (with a propper set up identity management) to keep > the passwords in sync.
These sorts of systems work by giving a username and an authorization code. The application server then checks with the authentication server and says, "I got this username and this authorization code, is it valid?" and the auth server says yes or no. It's one level of abstraction away from actually keeping password lists all over the place. Aaron _______________________________________________ DBmail mailing list [email protected] https://mailman.fastxs.nl/mailman/listinfo/dbmail
