Mike, Thanks for your reply.
On 3/23/07, Michael B Allen <[EMAIL PROTECTED]> wrote:
On Thu, 22 Mar 2007 12:02:50 +0500 "Back Ports" <[EMAIL PROTECTED]> wrote: > Hi all, > > Is there any progress on the following bug report: > > http://bugs.php.net/bug.php?id=33500&thanks=6 > > It was reported quite a while ago -- I also saw a relevant post on the > mit kerberos mailing list where discussed patches fixed the issue, > however, they appear impossible to track down. > > http://mailman.mit.edu/pipermail/kerberos/2006-April/009629.html I'm not a php dev and I don't know the status of this bug but I have a possible solution for you anyway. If you're on an Active Directory network (very possible if your IMAP server is offering GSSAPI) then you could use our product to get the necessary credential so that the IMAP extension's GSSAPI auth works.
We're on MIT kerberos, openldap & dovecot is the imap server. Our gssapi bit works well for all clients, etc. -- it's only the php imap call which chokes.
With our Plexcel PHP extension (see sig) you can acquire Kerberos credentials in three ways - 1 Single Sign-On (the delegated credential from the web client); 2 use the HTTP service account cred; or 3 explicit logon with username and password.
The problem is that php doesn't go ahead and try plain auth if gssapi doesn't work out -- I don't think supplying krb5 credentials would work -- however, I will go ahead and give that a shot. We're using stanford's webauth and a user ticket can easily be made available when trying gssapi. ldap_sasl_auth() doesn't support gssapi either, though my earlier post to this list ended up on a web site somewhere with a note saying 'theoretically it's possible'. Appreciate your help. mustafa. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
