Horde/IMP authentication to Cyrus via client certificates?

Kevin P. Fleming kpfleming at starnetworks.us
Thu Feb 17 22:30:40 EST 2005


Igor Brezac wrote:

> SASL/EXTERNAL is what you want although I have not tried it.  
> OpenLDAP works great.  In theory, the CN part of the client 
> certificate subject needs to be a valid mailbox.  You can test this 
> with imtest -t client_cert_file -m EXTERNAL ....  I assume that you have 
> SSL/TLS working.

Yes, I do have that working. I'll test with SASL/EXTERNAL, it sounds 
like exactly what I need. I don't really want the CN to be the mailbox 
name, though, I'd rather have SASL/EXTERNAL work off the email address 
embedded in the certificate.

> Your bigger issue is to find a client that supports SASL/EXTERNAL.  I do 
> not believe c-client library (this is what drives IMP/Horde via PHP) 
> supports SASL/EXTERNAL, so this is what you need to start hacking.

That's been my plan; c-client is very simple, and I've already hacked 
Horde to get the PEM-encoded client cert from Apache and store it in a 
session variable, so I can extract it out in IMP and pass it to 
c-client. If I get it working I'll post the results :-)
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html



