Re: [SOGo] kerberos authentication

Tue, 01 Feb 2011 01:38:38 -0800 

Dear all,

excuse me but I prevoiulsy posted an incorrect configuration.
The problem is that I tru to use a kerberos authentication but I got a blank
page withe the only word "Unauthorized"
The configuration apache-kerberos is correct, but there is something in SOGo
configuration in order to use kerberos credentials.
I hope that someone has already faced this type of problem.
Thanks in advance,
Marco B


In my SOGo.conf  I uncomment:

<Location /SOGo>
  AuthType Kerberos
  AuthName "Kerberos Login"
  KrbMethodNegotiate Off
  KrbMethodK5Passwd On
  KrbAuthRealms ####.IT
  KrbServiceName HTTP/###.it@####.IT
  Krb5KeyTab /etc/httpd/conf/keytab
  require valid-user
  Order allow,deny
  Allow from all
</Location>

and

  RequestHeader set "x-webobjects-remote-user" "%{REMOTE_USER}e"


My .GNUstepDefaults is

        <key>OCSFolderInfoURL</key>
        <string>mysql://sogo:sogo@localhost
:3306/sogo/sogo_folder_info</string>
        <key>SOGoACLsSendEMailNotifications</key>
        <string>YES</string>
        <key>SOGoAppointmentSendEMailNotifications</key>
        <string>YES</string>
        <key>SOGoDraftsFolderName</key>
        <string>Drafts</string>
        <key>SOGoFoldersSendEMailNotifications</key>
        <string>YES</string>
        <key>SOGoIMAPServer</key>
        
<string>imaps://###.it:993/?tls=YES<http://iris.cnaf.infn.it:993/?tls=YES>
</string>
        <key>SOGoLanguage</key>
        <string>Italian</string>
        <key>SOGoMailDomain</key>
        <string>cnaf.infn.it</string>
        <key>SOGoProfileURL</key>
        <string>mysql://sogo:sogo@localhost
:3306/sogo/sogo_user_profile</string>
        <key>SOGoSentFolderName</key>
        <string>Sent</string>
        <key>SOGoTimeZone</key>
        <string>Europe/Rome</string>
        <key>SOGoTrashFolderName</key>
        <string>Trash</string>
        <key>SOGoTrustProxyAuthentication</key>
        <string>YES</string>
        <key>SOGoUserSources</key>
        <array>
            <dict>
                <key>CNFieldName</key>
                <string>cn</string>
                <key>IDFieldName</key>
                <string>uid</string>
                <key>UIDFieldName</key>
                <string>uid</string>
                <key>baseDN</key>
                <string>ou=people,ou=cnaf,o=infn,c=it</string>
                <key>canAuthenticate</key>
                <string>YES</string>
                <key>displayName</key>
                <string>Shared Addresses</string>
                <key>hostname</key>
                <string>131.154.128.32</string>
                <key>id</key>
                <string>public</string>
                <key>isAddressBook</key>
                <string>YES</string>
                <key>port</key>
                <string>389</string>
                <key>type</key>
                <string>ldap</string>
            </dict>
        </array>
    </dict>
</dict>
</plist>



2011/1/26 <[email protected]>

> Hi Marco,
>
> to use external authentication like Kerberos you have to use HTTP Header in
> front of SOGo:
>
> http://www.sogo.nu/english/support/faq/article/how-to-use-webauth-with-sogo-2.html
>
> There are a lot of examples in the Web for doing that. But the exact
> configuration steps depend on your setup. Especially for Apache and
> Kerberos
> there are a lot of how-tos.
>
> esco
> --
> [email protected]
> https://inverse.ca/sogo/lists
>
-- 
[email protected]
https://inverse.ca/sogo/lists

Reply via email to