[Dovecot] gssapi, kerberos and webmail
Denis Cardon
denis.cardon at tranquil-it-systems.fr
Fri Sep 14 11:02:39 EEST 2007
Hi every one,
first thanks for the great job, I switched successfully from courier
imap a few months ago and both the migration and maintenance went
smoothly from then on.
The reason I switched was gssapi support (and the easier debug) and now
I have thunderbird on Linux connecting in an SSO fashion through
kerberos/GSSAPI (works great).
Users should be able to access their mail throught a webmail too (eg.
eGroupware). I have already checked for kerberos authentication on
Apache, however there seems to be no way to have ticket forwarding
throught PHP. AFIAK there is thus no way to use kerberos for php-imap
--> dovecot authentication. The only information available seems to be
the username.
So here is my question :
how do people on this mailing list handle kerberos authentication with
webmail? Do you use other kind of authentication on privileged port (ie
with access only from apache) and just do a login/nopassword
authentication (like an uid base authentication through ldapi:/// on an
ldap directory for example) ?
Here is what we have with thunderbird :
Thunderbird -------kerberos-------> dovecot on standard port
Here is what I would guess for webmail auth :
Firefox ------kerberos----> Apache ----gssapi-auth-just-using-login---->
dovecot on privileges port
Cheers,
Denis
--
Denis Cardon
Tranquil IT Systems
44 bvd des pas enchantés
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.62.67
http://www.tranquil-it-systems.fr
More information about the dovecot
mailing list