[Dovecot] Proxy and SSO (single sign-on)

Miguel Tormo mlists at edicom.eu
Wed Apr 4 14:47:47 EEST 2012


On Wednesday, 4 April 2012 13:21:33 Timo Sirainen wrote:
> On 4.4.2012, at 14.18, Miguel Tormo wrote:
> 
> > I have a running setup with a dovecot imap4/pop3 proxy to a few dovecot backend servers which actually store the mailboxes. This is running smoothly and allows me to transparently distribute mailboxes.
> > I'm using some "extrafield" configured in the LDAP passdb.
> > 
> > However, now I would like to use GSSAPI (preferred) and NTLM for single sign-on. Both are pretty straightforward to configure in a single instance environment, but I don't know if they would work with proxy. For example, with GSSAPI there are two cases:
> >  1) Just use gssapi mechanism, without PAM. Then, if a user presents a ticket the passdb ldap is not used, so the extrafields are never read.
> 
> The patch in http://dovecot.org/list/dovecot/2012-March/064331.html makes this work I think. I still haven't managed to look into it much though.
> 
> 

It definitely is worth a look. I wonder if it would make ldap extrafields lookups work with gssapi auth; I will try it and post the results.
Thank you!


