[Dovecot] Proxy and SSO (single sign-on)

Timo Sirainen tss at iki.fi
Wed Apr 4 14:21:33 EEST 2012


On 4.4.2012, at 14.18, Miguel Tormo wrote:

> I have a running setup with a dovecot imap4/pop3 proxy to a few dovecot backend servers which actually store the mailboxes. This is running smoothly and allows me to transparently distribute mailboxes.
> I'm using some "extrafield" configured in the LDAP passdb.
> 
> However, now I would like to use GSSAPI (preferred) and NTLM for single sign-on. Both are pretty straightforward to configure in a single instance environment, but I don't know if they would work with proxy. For example, with GSSAPI there are two cases:
>  1) Just use gssapi mechanism, without PAM. Then, it a user presents a ticket the passdb ldap is not used, so the extrafields are never read.

The patch in http://dovecot.org/list/dovecot/2012-March/064331.html makes this work I think. I still haven't managed to look into it much though.



More information about the dovecot mailing list