CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cosign and cyrus imap and IMP



Has anyone gotten cosign working Cyrus IMAP through IMP?


I have gotten IMAP to work with Kerberos tickets locally and it all seems fine. When I use cosign and mod_apache on an apache 2 server I get the ticket successfully, but because of the address in the ticket, my KDC is refusing to issue the imap service ticket for it.


To get around this (at least temporarily - to test the IMP/imap GSSAPI) I did a kinit on the CC which mod_cosign created for me, then attempted again. It fails then with an error that I am not allowed to proxy (and a klist on the CC reveals a nice imap service ticket). So I added myself to the proxyservers config in imapd.conf, and then it worked. But this isn't good... it appears something (IMP) is authenticating as me and then attempting to proxy as the user apache (which the web server is running as).


Any ideas on the both of there???







Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010