Hi Patrick,

I am using Apache in a Piler container with mod_auth_gssapi (https://github.com/gssapi/mod_auth_gssapi)

I contributed this setup to the .htaccess here https://bitbucket.org/jsuto/piler/src/master/webui/.htaccess

In this setup you don't need any winbind. Just setup Kerberos as explained in the .htaccess The cool thing about this is the fact that Apache simply sets the Authenticated-User once the Kerberos authentication was successful. Piler will then use this env as the username.

Additionally I set:

// enable single sign-on (disabled by default)
$config['ENABLE_SSO_LOGIN'] = 1;


Note that Kerberos expects the Domain part to be capitalized. If you login "manually" without SSO you will have to use "username@YOUR.KERBEROS.DOMAIN"

(There's some more documentation on Kerberos and mod_auth_gssapi on my Blog - in German :( https://blog.loetzimmer.de/2021/04/activedirectory-sso-mit-apache.html)


Am 28.06.2023 12:31, schrieb patrick.we...@rgi.net:

Hello Janos!

At the moment i am trying to configure my mailpiler docker solution to use SSO. I am using your instruction on https://www.mailpiler.org/wiki/current:single-sign-on [1], but I am not sure
if this will work for the docker solution.
My server contains of 3 dockers (piler, mysql, memcached). The piler docker runs the nginx webserver, the piler (version 1.4.4) and manticore. Samba and winbind is not installed. My best guest is, that i have to install samba and winbind in the piler docker instead of installing it on the host. Am I right?

- Patrick

[1] https://www.mailpiler.org/wiki/current:single-sign-on

Reply via email to