Hello

I use SOGo with a webSSO, which has the consequence that Apache has
a REMOTE_USER, but no password. It feeds the REMOTE_USER to SOGo,
and thanks to the SOGoTrustProxyAuthentication, SOGo works fine.

Now I want to add Funambol. Mobile clients authenticate to Funambol
within the SyncML protocol, and Funambol passes the credentials to
SOGo through an Authorization header. Of course that plays badly with
SOGoTrustProxyAuthentication since SOGo will accept the login without
validating the password.

I had a look at the code, and if I understand correctly, 
SOGoTrustProxyAuthentication causes SOGo to accept the login taken
from x-webobjects-remote-user or from Authorization header. Is it
correct that there is no way to trust x-webobjects-remote-user but
to validate the credentials from Authorization header?

If that is correct, then I am ready to submit a patch to fix that,
provided the change reaches consensus.

-- 
Emmanuel Dreyfus
m...@netbsd.org
-- 
users@sogo.nu
https://inverse.ca/sogo/lists
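
The split asked about above (trust x-webobjects-remote-user, but validate credentials arriving in an Authorization header), modelled as an added Python example; it is not part of the original message and is not SOGo's code. The function names, the lowercase header dictionary, the in-memory user store and the rule that the proxy header wins when both are present are assumptions made for illustration.

```python
import base64
import hmac

# Constructed sample credential store (assumption); a real backend would be LDAP or SQL.
USERS = {"alice": "correct horse"}

def check_password(login, password):
    """Compare against the constructed store in constant time."""
    expected = USERS.get(login)
    return expected is not None and hmac.compare_digest(
        expected.encode(), password.encode())

def parse_basic(value):
    """Return (login, password) from a Basic Authorization value, or None."""
    scheme, _, blob = (value or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return None
    login, sep, password = decoded.partition(":")
    return (login, password) if sep and login else None

def login_as_described(headers):
    """Behaviour the message describes: either header yields a login, no password check."""
    user = headers.get("x-webobjects-remote-user")
    if user:
        return user
    creds = parse_basic(headers.get("authorization"))
    return creds[0] if creds else None

def login_proposed(headers):
    """Proposed split: trust the proxy header, validate Authorization credentials."""
    user = headers.get("x-webobjects-remote-user")
    if user:
        return user  # identity already established by the web SSO front end
    creds = parse_basic(headers.get("authorization"))
    if creds and check_password(*creds):
        return creds[0]
    return None

def basic(login, password):
    """Build a Basic Authorization value for the constructed test requests."""
    return "Basic " + base64.b64encode(f"{login}:{password}".encode()).decode()
```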
