Authenticate Cyrus off active directory

Kevin P. Fleming kpfleming at
Thu Dec 4 12:23:59 EST 2003

Rob Siemborski wrote:

> Our webmail (squirrelmail) is doing kerberos authentication.  We gutted
> the authentication part of squirrelmail and instead launch a persistant
> imtest process, which squirrelmail connects to instead (this was
> relatively easy to do, actually -- most of the changes that were
> required were in imtest).  This also has the benefit of caching
> authentications (like a proxy), since successive page hits just re-use
> the same imtest process.

I'd like to be able to do the same sort of thing; any chance these 
changes are distributable (no support, i'm sure they're ugly, etc. etc.)?

> The trick is that you need to get the user's kerberos ticket to the web
> server, which we accomplish via a system known as pubcookie, which has
> been developed by a few universities.  Its sort of like
> kerberos-via-cookies, though the kerberos ticket passing bit is somewhat
> disconnected from the main system.

This was the stumbling block in my mental exercises to get this working. 
I'd never heard of pubcookie before :-)

More information about the Info-cyrus mailing list