cosign-discuss at umich.edu
general discussion of cosign development and deployment
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Cosign and cyrus imap and IMP
Thanks for that, really cool, as we will be moving our student mail systems
to this in the near future and it is good to know how you guys have done it.
But, the problem I am having is mainly with Kerberos, in reality, because
the tickets are tied to the cosign server, and thus will not work on the web
server with my IMP and IMAP proof of concept (more of a kinda it-can-be-done
than POC). I cannot see how you guys get around it, other than perhaps your
Kerberos server gives out address-less tickets by default???
I will need to wander through the PHP stuff to try to figure out why it is
attempting to proxy me to the apache user.
From: Wesley D Craig [mailto:wes@xxxxxxxxx]
Sent: Sunday, 7 November 2004 5:35 a.m.
To: Brett Lomas on vxchange
Subject: Re: Cosign and cyrus imap and IMP
On 06 Nov 2004, at 06:12, Brett Lomas on vxchange wrote:
> Has anyone gotten cosign working Cyrus IMAP through IMP?
This is exactly what we're running at UMich today, tho we're using
Cyrus Murder, so maybe it's more complex than you require. We're also
(which appears to be down just now) to cache IMAP connections, thus
reducing load on the IMAP servers. /etc/imapproxy.conf has these
to tell it to just talk to the local proxyd and to listen on the
loopback on an alternate port.
We also made a small change to proxyd:
which has been accepted into the cyrus imap CVS. Cyrus proxyd is
running locally on the IMP machines, with the above -N option. IMP has
been modified to authenticate to port 8143 using the REMOTE_USER as
provided by Cosign for both ID & password.
I've attached a picture. This set up works much better than our old
setup, which used the Cosign provided TGT to make a new connection for
each HTTP transaction.