Hi every one,
first thanks for the great job, I switched successfully from courier imap a few months ago and both the migration and maintenance went smoothly from then on.
The reason I switched was gssapi support (and the easier debug) and now I have thunderbird on Linux connecting in an SSO fashion through kerberos/GSSAPI (works great).
Users should be able to access their mail throught a webmail too (eg. eGroupware). I have already checked for kerberos authentication on Apache, however there seems to be no way to have ticket forwarding throught PHP. AFIAK there is thus no way to use kerberos for php-imap --> dovecot authentication. The only information available seems to be the username.
So here is my question :
how do people on this mailing list handle kerberos authentication with webmail? Do you use other kind of authentication on privileged port (ie with access only from apache) and just do a login/nopassword authentication (like an uid base authentication through ldapi:/// on an ldap directory for example) ?
Here is what we have with thunderbird :
Thunderbird -------kerberos-------> dovecot on standard port
Here is what I would guess for webmail auth :
Firefox ------kerberos----> Apache ----gssapi-auth-just-using-login----> dovecot on privileges port
Cheers,
Denis
-- Denis Cardon Tranquil IT Systems 44 bvd des pas enchantés 44230 Saint Sébastien sur Loire tel : +33 (0) 2.40.97.62.67 http://www.tranquil-it-systems.fr