Authenticate Cyrus off active directory
Kevin P. Fleming
kpfleming at backtobasicsmgmt.com
Thu Dec 4 12:23:59 EST 2003
Rob Siemborski wrote:
> Our webmail (squirrelmail) is doing kerberos authentication. We gutted
> the authentication part of squirrelmail and instead launch a persistant
> imtest process, which squirrelmail connects to instead (this was
> relatively easy to do, actually -- most of the changes that were
> required were in imtest). This also has the benefit of caching
> authentications (like a proxy), since successive page hits just re-use
> the same imtest process.
I'd like to be able to do the same sort of thing; any chance these
changes are distributable (no support, i'm sure they're ugly, etc. etc.)?
> The trick is that you need to get the user's kerberos ticket to the web
> server, which we accomplish via a system known as pubcookie, which has
> been developed by a few universities. Its sort of like
> kerberos-via-cookies, though the kerberos ticket passing bit is somewhat
> disconnected from the main system.
This was the stumbling block in my mental exercises to get this working.
I'd never heard of pubcookie before :-)
More information about the Info-cyrus