Hi Patrick,
I am using Apache in a Piler container with mod_auth_gssapi
(https://github.com/gssapi/mod_auth_gssapi)
I contributed this setup to the .htaccess here
https://bitbucket.org/jsuto/piler/src/master/webui/.htaccess
In this setup you don't need any winbind. Just setup Kerberos as
explained in the .htaccess
The cool thing about this is the fact that Apache simply sets the
Authenticated-User once the Kerberos authentication was successful.
Piler will then use this env as the username.
Additionally I set:
// enable single sign-on (disabled by default)
$config['ENABLE_SSO_LOGIN'] = 1;
$config['PASSWORD_CHANGE_ENABLED'] = 0;
$config['STRIP_DOMAIN_NAME_FROM_USERNAME'] = 0;
Note that Kerberos expects the Domain part to be capitalized. If you
login "manually" without SSO you will have to use
"username@YOUR.KERBEROS.DOMAIN"
(There's some more documentation on Kerberos and mod_auth_gssapi on my
Blog - in German :(
https://blog.loetzimmer.de/2021/04/activedirectory-sso-mit-apache.html)
Alex
Am 28.06.2023 12:31, schrieb patrick.we...@rgi.net:
Hello Janos!
At the moment i am trying to configure my mailpiler docker solution to
use SSO.
I am using your instruction on
https://www.mailpiler.org/wiki/current:single-sign-on [1], but I am not
sure
if this will work for the docker solution.
My server contains of 3 dockers (piler, mysql, memcached). The piler
docker runs the nginx webserver, the piler (version 1.4.4) and
manticore.
Samba and winbind is not installed. My best guest is, that i have to
install samba and winbind in the piler docker instead of installing it
on the host. Am I right?
- Patrick
Links:
------
[1] https://www.mailpiler.org/wiki/current:single-sign-on
