Re: [SOGo] authentication with kerberos

Fri, 11 Jan 2013 06:10:32 -0800 

Hello,

this might be bug 1200:
http://www.sogo.nu/bugs/view.php?id=1200

Best regards,
Heiner



Am Thursday 10 January 2013 23:25:05 schrieb cmsch...@rockwellcollins.com:
> Hello - thanks for the response.. As requested.. and a few other things..
>
> /etc/httpd/conf.d/SOGo.conf
>
> ***********************************
> <Location /SOGo>
>   AuthType Kerberos
>   Require valid-user
>   SetEnv proxy-nokeepalive 1
>   Allow from all
>
>   KrbAuthRealms EXAMPLE.COM
>   KrbServiceName HTTP/host.example....@example.com
>   Krb5Keytab /etc/httpd/krb5.keytab
>   KrbLocalUserMapping On
>   RewriteEngine On
>   RewriteRule .* - [E=SOGO_REMOTE_USER:%{REMOTE_USER}]
> </Location>
>
> ProxyRequests Off
> SetEnv proxy-nokeepalive 1
> ProxyPreserveHost On
> ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0
>
> <Proxy http://127.0.0.1:20000/SOGo> [^]
>   RequestHeader set "x-webobjects-server-port" "80"
>   RequestHeader set "x-webobjects-server-name" "host"
>   RequestHeader set "x-webobjects-server-url" "http://host";
>   RequestHeader set "x-webobjects-remote-user" "%{REMOTE_USER}e"
>   RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
>   RequestHeader set "x-webobjects-remote-host" %{REMOTE_HOST}e
> env=REMOTE_HOST
>   AddDefaultCharset UTF-8
>   Order allow,deny
> </Proxy>
> RewriteEngine On
> RewriteRule ^/SOGo/(.*)$ /SOGo/$1 [env=REMOTE_HOST:%{REMOTE_ADDR},PT]
> ***********************************
>
> And actually - I got this working okay. But the problem still seems to be
> that I have dovecot working with Kerberos - I can telnet into the IMAP
> port using my username and password and it works just fine..
>
> ******************
> [root@centos01 httpd]# telnet localhost 143
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
> STARTTLS AUTH=PLAIN] Dovecot ready.
> . login username password
> . OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
> SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT
> CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC
> ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
> ***********************************
>
> My dovecot config looks like this:
>
> ***********************************
> [root@centos01 httpd]# dovecot -n
> # 2.0.9: /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.32-279.19.1.el6.x86_64 x86_64 CentOS release 6.3 (Final)
> auth_debug = yes
> auth_debug_passwords = yes
> auth_username_format = %Lu
> auth_verbose = yes
> disable_plaintext_auth = no
> mbox_write_locks = fcntl
> passdb {
>   driver = pam
> }
> ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
> ssl_key = </etc/pki/dovecot/private/dovecot.pem
> userdb {
>   args = uid=503 gid=503 home=/home/vmail/%u
>   driver = static
> }
> ***********************************
>
> The pam_dovecot looks like this...
>
> ***********************************
> [root@centos01 httpd]# cat /etc/pam.d/dovecot
> #%PAM-1.0
> auth    sufficient      pam_krb5.so no_user_check validate
> account sufficient      pam_permit.so
> [root@centos01 httpd]#
>
> However, when I log into SOGo, then I get the error in my
> /var/log/maillog.
>
> Jan 10 16:19:45 centos01 dovecot: auth: Debug: pam(user,127.0.0.1): lookup
> service=dovecot
>
> Any ideas?
>
> Thanks -
>
> Chris
>
>
>
>
>
> From:   Khapare Joshi <khapar...@gmail.com>
> To:     users@sogo.nu
> Date:   01/10/2013 02:29 PM
> Subject:        Re: [SOGo] authentication with kerberos
>
>
>
> can you share how did you configure sogo with kerberos ?
>
> On Thu, Jan 10, 2013 at 8:03 PM, <cmsch...@rockwellcollins.com> wrote:
> Is there anyway for SOGO to authenticate with UPPERCASE domain names? I
> was
> having issues with Dovecot with LDAP, so i configured it with Kerberos,
> which
> works great. However, when SOGO passes the authentication piece to
> Dovecot, it
> uses a lowercase domain name..
>
> i.e.
>
> u...@example.com
>
> instead of
>
> u...@example.com for kerberos to work.
>
> Any insight?
>
> Thanks -
>
> Chris
>
> CentOS release 6.3 (Final) 2.6.32-279.19.1.el6.x86_64
>
> sogo-2.0.3a-1.centos6.x86_64
> postfix-2.6.6-2.2.el6_1.x86_64
> dovecot-2.0.9-2.el6_1.1.x86_64
> --
> users@sogo.nu
> https://inverse.ca/sogo/lists


-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Reply via email to