[Slightly OT]: NTLM auth via SquirrelMail?

[Kevin P. Fleming]

I just recently set up SquirrelMail connected to an existing Cyrus 
2.1.15 installation. So far so good, things are working well.

However, I'd like to move towards a single sign-on model, and this 
should be possible given that the clients are running Windows/IE and 
authentication against a Samba domain controller. I believe I can set up 
mod_ntlm in Apache to learn the remote user's name and pass that to 
SquirrelMail, but then I need to get SquirrelMail successfully logged in 
to the Cyrus mailbox for that user _without knowing the user's password_...

I can think of some possibilities:

- make SquirrelMail always log in as some type of "super user" in Cyrus 
land, with authorization to access the user mailboxes

- somehow use NTLM authentication in Cyrus as well (although I don't 
know if that could be made to work, seeing as Cyrus is not actually 
talking to the real client)

- make Cyrus believe the IMAP connection is "preauthed" as user "x" and 
not require any type of IMAP LOGIN

Anyone have any suggestions?